May 2025 Crypto Hacks Recap: Risks and Lessons Behind 20 Security Incidents
Since the birth of Bitcoin, crypto hacks and thefts have never truly stopped. And May was no exception. Although the total amount stolen dropped by nearly 40% compared to April, as many as 20 security incidents still occurred, with cumulative losses reaching a staggering $244 million. In other words, hackers haven’t slowed down — instead, they’re constantly probing the industry’s defenses.
Some of these cases involved shockingly large sums, striking a blow to project teams’ confidence and casting a shadow over the asset security of everyday investors.
At the end of the day, the decentralization and anonymity of crypto assets, while incredibly convenient, have also made them a juicy target for hackers. Every attack is another warning siren echoing along the road to industry health, reminding us that security can never be taken lightly.
Overall Picture: May’s Crypto Hack Statistics
According to available data, around 20 crypto-related attacks occurred in May 2025, involving DeFi protocols, cross-chain bridges, GameFi/NFT projects, and on-chain asset management platforms. While the number of incidents fell slightly compared to April, the average amount per incident remained high, proving that hackers are still laser-focused on high-value targets.
The total loss reached $244 million, a 39.29% decrease from April. This may indicate slight improvement in the industry’s overall security posture — perhaps due to increased auditing and security hardening. However, serious vulnerabilities remain.
Below, we break down the five most significant attack cases from May.
Top 5 Major Hacks in May
- Cetus Protocol — $220 Million Stolen, 71% Recovered
Cetus Protocol suffered the biggest hack of the month, with attackers exploiting a smart contract vulnerability to siphon off around $220 million in assets. Cetus, a decentralized trading protocol, showed major flaws in access control and contract logic, allowing hackers to manipulate transaction paths and drain funds.
The good news: following the breach, security teams and relevant on-chain entities acted swiftly. Through multisig freeze mechanisms, they managed to recover $157 million, or 71% of the stolen assets — highlighting growing capabilities in emergency response and on-chain asset tracing.
However, over $60 million remains unrecovered, underscoring how difficult it is to track funds once they’re dispersed across chains. The incident is a stark reminder that DeFi protocol design must prioritize security, especially in multi-chain, cross-contract interaction environments.
- Cork Protocol — $12 Million Stolen
Cork Protocol lost $12 million due to a privilege escalation vulnerability in its codebase. Hackers altered the asset management contract without authorization. As a privacy-focused DeFi project, Cork’s downfall revealed insufficient auditing and weak permissions management.
This also reflects broader security challenges when privacy chains interact with public chains. With privacy tech becoming more prevalent, cross-chain privacy asset management is a growing attack surface.
- Suspected North Korean Hacker Group — $5.2 Million Theft
May also saw a high-profile hack suspected to be linked to a North Korean hacker organization, resulting in $5.2 million in losses. Known for combining social engineering with contract vulnerability exploitation, this group typically targets cross-chain bridges and DeFi liquidity pools.
The incident illustrates both the lack of cross-border regulatory coordination and the global nature of cybersecurity threats. The industry must boost defensive capabilities and collaborate more closely with global regulators.
- Token MBU — $2.2 Million Lost
The Token MBU project lost $2.2 million when a smart contract bug allowed attackers to hijack the token issuance contract, mint a large number of tokens illegally, and transfer the funds.
This hack shows yet again that smart contract design and auditing are mission-critical — especially regarding issuance logic and permissions control. Token MBU’s experience reflects how small and mid-sized projects still lack robust security awareness.
- MaplestoryU — $1.2 Million Lost
MaplestoryU, a blockchain gaming project, was hacked for $1.2 million via a cross-chain bridge exploit. Hackers illegally moved virtual assets by exploiting bridge weaknesses.
As blockchain games and NFTs continue to explode in popularity, security systems remain underdeveloped. Cross-chain bridges have become a prime attack vector. This event serves as a wake-up call for game developers and users alike to strengthen security practices and standardize asset management processes.
Common Themes Behind the Attacks
Reviewing these five major cases, we can observe several commonalities:
- Smart contract bugs remain the #1 risk. Whether it’s privilege escalation, logic flaws, or token minting issues, these attacks highlight that smart contract development and auditing are still far from mature.
- Cross-chain bridge vulnerabilities are glaring. Bridges are technically complex systems and remain a favorite entry point for attackers because they carry high-value transfers and are difficult to defend.
- Hackers are getting smarter. Especially with state-backed hacker groups entering the fray, the attacks are stealthier and more advanced, putting even greater pressure on the ecosystem.
- Emergency response is improving. The successful freeze of stolen funds in the Cetus Protocol case shows progress in on-chain tracing and fund recovery. The industry’s defensive infrastructure is maturing.
Industry Response: A Multi-Layered Defense Ecosystem Is Taking Shape
- Security audit technologies are evolving. Major audit firms are now integrating AI-powered automated scanners and formal verification tools to enhance contract safety.
- Insurance and compensation mechanisms are growing. DeFi insurance is becoming more mature, offering users some protection against asset losses.
- Cross-chain bridge tech is improving. Distributed verification, multisigs, and time-locks are being widely adopted to bolster bridge security.
- Regulatory engagement is deepening. Multiple countries are accelerating their crypto security legislation, promoting industry self-regulation and compliance maturity.
Conclusion
Despite the drop in frequency and dollar loss, May 2025’s crypto attacks still expose deep structural risks — particularly in smart contracts and cross-chain infrastructure.
The crypto industry must continue to invest in technology R&D, rigorous security audits, and global regulatory collaboration to build a more secure and resilient ecosystem — one that can support the healthy development of digital asset markets over the long term.