Eight cross-chain bridge hacks drain $328.6M in May
Peckshield reported eight cross-chain bridge exploits drained $328.6 million from crypto protocols in May, targeting bridge verification and key-management weaknesses.
Peckshield reported that eight cross-chain bridge exploits removed $328.6 million from crypto protocols in May 2026. The incidents targeted infrastructure that moves tokens between separate blockchains and highlighted weaknesses in message verification and private-key management.
Cross-chain bridges lock tokens on one blockchain and mint equivalent tokens on another. That setup concentrates liquidity in pooled contracts and creates a single point where compromised verification or keys can allow fraudulent minting or releases.
The May tally followed major incidents in April. On April 18, KelpDAO’s route on LayerZero V2 was exploited for roughly $300 million after an attacker withdrew 116,500 rsETH from an OFT adapter without burning the tokens on the source chain. A technical review found LayerZero’s default RPC quorum was set to one, which allowed a single poisoned node to authorize fraudulent cross-chain messages. KelpDAO migrated assets to Chainlink’s cross-chain token standard and attributed the failure to the LayerZero infrastructure.
Days later, Drift Protocol reported a loss of more than $200 million on its Solana-based infrastructure.
Smaller incidents took place earlier in the year and in May. In February, IoTeX’s bridge lost about $2 million after a private key was compromised. TAC Protocol reported a $2.8 million removal in early May that was later classified as a white-hat incident after the actor claimed a 10% bounty. Transit Finance was drained of $1.88 million on May 13. The Verus–Ethereum bridge lost about $11.5 million; investigators traced the attacker’s wallet to an address seeded using Tornado Cash.
Peckshield’s mid-May figures follow earlier data showing roughly $112.5 million in hacks during the first two months of 2026 and cumulative losses that had passed $750 million by mid-April. With the May bridge incidents added, recorded losses for the year have increased further.
Security firms tracking the attacks noted a shift in tactics toward exploiting verification systems and consensus assumptions rather than attacking individual chains. In response, some projects have migrated to alternative cross-chain standards, and teams are reviewing key custody practices, node diversity and message verification policies to reduce single points of failure.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
