Bridge hacks drain $340.7M in May, 14 protocols hit

May 2025 was the second-costliest month for crypto bridge exploits this year, with 14 protocols losing a combined $340.7 million to attackers, according to a report by PeckShieldAlert. The figure trails only April’s record $634.85 million in compromised value. The year-to-date total now stands near $770 million, a figure that underscores a structural shift from isolated breaches to sustained pressure on interoperability infrastructure.

Verus-Ethereum and THORChain: The $10M+ Club

The Largest Single Losses

Two attacks in May exceeded the $10 million threshold. The Verus-Ethereum Bridge lost $11.4 million. The THORChain exploit cost $10 million. Both targeted weaknesses in cross-chain message-passing logic, not the base chains themselves.

Secondary Victims

Gravity Bridge lost $5.4 million. IoTeX.io Bridge lost $8.8 million. These smaller figures still represent material losses for protocols that often hold concentrated liquidity in a single contract.

April’s $634M Record Sets the Stage

The KelpDAO/LayerZero Exploit

April set a grim benchmark. 30 separate incidents drained over $600 million in a single month. The largest was the KelpDAO/LayerZero exploit on April 18, which alone accounted for about $292 million in losses. That event was the largest single exploit in the dataset.

Monthly Loss Progression

Month	Losses (USD)	Notable Events
January 2025	$0	No reported bridge exploits
February 2025	$24.21M	Minor incidents
March 2025	$41.26M	Rising frequency
April 2025	$634.85M	KelpDAO/LayerZero ($292M), 30 total
May 2025	$60.03M (DeFiLlama) / $340.7M (PeckShieldAlert)	Verus-Ethereum ($11.4M), THORChain ($10M)

The discrepancy between DeFiLlama’s $60.03 million and PeckShieldAlert’s $340.7 million for May reflects different counting methodologies. DeFiLlama may exclude certain exploit types or double-counting. The trend, however, is unambiguous: the attack cadence has accelerated.

Why Bridges Are a Structural Risk

The Architecture Problem

Bridge protocols are inherently more exposed than single-chain applications. They rely on:

Message-passing mechanisms between chains
Validator or relayer sets with multisig or threshold signing
Smart contracts that hold large asset pools on both sides

Each component adds a distinct attack surface. A flaw in any one layer can compromise the entire bridge. The THORChain exploit in May, for example, targeted a weakness in the cross-chain swap logic, not the base chain itself.

Exposed Assets and Networks

Vulnerable Token Categories

Any token bridged through an affected protocol is at risk until the bridge’s status is confirmed. Key categories include:

Wrapped assets (e.g., wETH, wBTC) – these are often the first target

Stablecoins – the primary reserve asset in most bridges

Governance tokens tied to the bridge protocol itself

Affected Networks

Attacks in May hit Ethereum, Binance Smart Chain, Arbitrum, Optimism, and Avalanche bridges. The Verus-Ethereum Bridge alone shows that even less prominent cross-chain pairs are not immune.

What Would Reduce the Risk

Decentralized validation – replacing multisig with threshold signatures or ZK proofs

Reduced bridge liquidity – moving to smaller, audited pools with frequent rebalancing

Cryptographic verification – implementing fraud proofs or optimistic finality

Thorough auditing – covering all message-passing and relayer paths

What Would Make It Worse

A single exploit above $500 million would erode confidence in the entire bridge ecosystem

An attack on a top-5 TVL protocol like Arbitrum Bridge or Wormhole could trigger cascading withdrawals

Regulatory pressure on bridge operators to custody user funds could add counterparty risk on top of code risk

The Bridge Risk Filter: Practical Rules

Practical rule: Do not store assets in a bridge contract longer than needed. Every minute a token sits in a bridge pool, the attack surface extends.

Risk to watch: Unusually large volume spikes or TVL growth in a bridge protocol without corresponding audit disclosure. That growth often attracts targeted exploits.

Bottom line for traders: Treat bridge exposure as a short-term operational risk, not a passive holding. Use L2-native assets where possible, and exit bridge positions within 24 hours of the swap. The $770 million year-to-date figure is not a one-off. It is a structural cost of interoperability until the architecture matures.

For broader context on how these exploits affect the broader crypto market, see our crypto market analysis. For specific token exposure, check the Ethereum (ETH) profile and Bitcoin (BTC) profile.