DeFi bridge hacks total $328.6M in 2026

Bloomingbit reported on May 24 that losses from decentralized-finance bridge hacks had reached $328.6 million so far in 2026, citing a May 23 Cointelegraph report based on data from blockchain security firm PeckShield. PeckShield’s tally covered eight bridge-related incidents through mid-May and put the year’s largest bridge exploit at about $292 million, tied to KelpDAO and LayerZero-powered infrastructure. The figure matters because bridges sit between blockchains and hold or verify assets moving across networks. That design has made them a repeated target in crypto: a single failure in message verification, validator control or key management can expose funds on more than one chain at once. The most recent addition to the 2026 total was the May 18 drain of roughly $11.5 million from the Verus-Ethereum bridge, according to multiple reports summarizing PeckShield’s running count. (en.bloomingbit.io) ### Why are bridge hacks such a persistent problem? Cross-chain bridges combine smart contracts, off-chain relayers, validators and message-proof systems in one stack. That means attackers do not need to break a blockchain itself; they can target the narrower software and operational layers that tell one chain an asset has been locked or redeemed on another. Reports on the Verus exploit said the attacker used a forged Merkle proof, which is the kind of failure that can let an attacker mint or withdraw assets without proper backing. (msn.com) PeckShield’s 2026 list suggests concentration risk remains central. Cointelegraph’s summary, as relayed by Bloomingbit, said the KelpDAO incident accounted for the overwhelming bulk of this year’s bridge losses, with roughly $292 million stolen in one event. That means one exploit made up nearly nine-tenths of the $328.6 million total. ### Which exploit is driving the 2026 total? (msn.com) The April 18 KelpDAO exploit is the main driver. Yahoo Finance and AOL, citing Chainlink Labs chief business officer Johann Eid, said the attack drained about $292 million from KelpDAO’s LayerZero-powered bridge and exposed risks tied to concentrated verification setups. Those reports linked the incident directly to a later shift in cross-chain infrastructure choices by DeFi protocols. (en.bloomingbit.io) Other incidents were smaller but still material. The May 18 Verus-Ethereum bridge exploit added about $11.5 million to the running total, and PeckShield’s count showed eight bridge exploits through mid-May. That sequence indicates the losses were not from a single isolated event, even if one attack dominated the dollar amount. (finance.yahoo.com) ### What changed after the April attack? Chainlink Labs said the KelpDAO exploit triggered a migration in assets and protocols. Johann Eid told outlets including Yahoo Finance and AOL that roughly $4 billion had shifted into CCIP-connected infrastructure in the weeks after the attack. Separate reports said seven protocols moved more than $4 billion in value to Chainlink’s Cross-Chain Interoperability Protocol, or CCIP. (msn.com) Named examples included Lombard, which said it was migrating more than $1 billion in bitcoin-backed assets to CCIP, and Kraken, which moved to replace LayerZero with Chainlink CCIP for wrapped-asset transfers. Those decisions were presented as security-driven responses rather than broad market expansion announcements. ### Is this only a bridge story, or a broader DeFi problem? (finance.yahoo.com) The bridge total is narrower than total DeFi exploit losses. Some 2026 hack trackers show overall DeFi losses running much higher once oracle, governance and wallet exploits are included. But the bridge number stands out because cross-chain systems are supposed to connect liquidity across networks, and repeated failures there can force protocols to change providers, pause transfers or redesign how messages are verified. (cryptobriefing.com) The next data points will come from updated exploit tallies and protocol migration disclosures. PeckShield’s bridge-loss count will rise if new incidents are confirmed, and Chainlink, Lombard, Kraken and other named protocols have already been cited in reports as participants in the post-April CCIP shift. (en.bloomingbit.io) (ccn.com)