Crypto Hackers Stole $68 Million In May — But The Attacks Getting No Headlines Are Far More Terrifying
What happened
Momentum in the cryptocurrency market is often measured in price movements and adoption rates, but a recent report from blockchain security firm CertiK paints a stark picture of the sector's ongoing battle with security vulnerabilities. According to their data, May 2026 saw a notable reduction in on-chain crypto losses, tallying approximately US$68.3 million. This marks the third month of the year where losses have fallen below the US$100 million threshold, a significant drop from April's high of US$650 million, which was largely attributed to two major exploits linked to North Korea.
However, this seemingly positive trend in on-chain security masks a far more concerning development: a surge in physical attacks targeting cryptocurrency holders. Physical attacks, often dubbed 'wrench attacks', involve coercion or force to gain access to private keys or digital wallets. CertiK's findings, echoed in an Insurance Journal report, highlight a 75% increase in such incidents in 2025, reaching 72 confirmed cases and an estimated US$41 million in losses.
The first four months of 2026 alone recorded 34 verified physical attacks, with estimated losses already surpassing US$100 million globally. These incidents include kidnappings, assaults, and home invasions, fundamentally reshaping how the industry views personal security. The co-founder of Bitcoin custody firm Casa, Jameson Lopp, tracks these incidents, noting a threefold increase between 2023 and 2025 – a figure widely believed to be an understatement due to the private resolution of many such cases.
The on-chain losses in May were primarily driven by cross-chain bridge exploits, which accounted for nearly 42% (approximately US$28.6 million) of the total, and code vulnerabilities, responsible for about 66% (roughly US$45 million). The largest single exploit was the US$11.5 million Verus-Ethereum Bridge attack, followed by US$10.1 million stolen from THORChain. While US$2.6 million was lost to phishing attacks, roughly US$9.4 million was successfully recovered or returned to affected treasuries.
Why it matters for Australian investors
For Australian investors, the evolving threat landscape in the crypto space is a critical consideration. While the May figures suggest a short-term improvement in on-chain security, the rise of physical attacks indicates a new dimension of risk that traditional cybersecurity measures cannot address. This shift necessitates a re-evaluation of personal security protocols, particularly for individuals with significant crypto holdings.
Australian investors use various platforms, including CoinSpot, Independent Reserve, Swyftx, and BTC Markets, to manage their digital assets. While these exchanges employ robust security measures to protect funds, holding large amounts of crypto on any platform carries inherent risks, especially if those assets are not in cold storage. The CertiK report reinforces the long-standing advice to move idle assets off exchanges and into secure offline storage to mitigate on-chain exploit risks.
The Australian Taxation Office (ATO) treats cryptocurrency as property for tax purposes, meaning capital gains tax applies to disposals. The unfortunate reality of 'wrench attacks' highlights that losses due to physical coercion could incur complex situations for tax reporting, though such situations are rare and would likely involve extensive documentation and reporting to law enforcement and potentially AUSTRAC.
Moreover, the increasing sophistication of cyber threats, including AI-accelerated social engineering as flagged by CertiK's Natalie Newson, means that Australian investors must remain vigilant. Verifying every URL and smart contract before engagement is paramount. The Australian Securities and Investments Commission (ASIC) regularly issues warnings about scams in the crypto space, underscoring the need for diligence.
Impact on the AUD market
The direct impact of global crypto security incidents on the Australian dollar (AUD) market is typically indirect but can be felt through overall investor sentiment and regulatory responses. A significant global hack or a wave of physical attacks can erode investor confidence, potentially leading to a broader sell-off in the crypto market. This, in turn, could see some capital flow back into more traditional assets or stablecoins, possibly influencing the demand for fiat currencies like the AUD as a safe haven.
While the AUD is rarely directly targeted in crypto exploits, the reputation of the global crypto market does influence how Australian financial institutions and regulators perceive digital assets. Heightened security concerns could prompt AUSTRAC to intensify its scrutiny on crypto transactions, strengthening anti-money laundering (AML) and counter-terrorism financing (CTF) protocols. This could indirectly affect the ease and speed with which Australians can buy, sell, or transfer cryptocurrencies on local exchanges.
Furthermore, if the global trend of physical attacks continues, it could lead to increased demand for specialised insurance products for crypto assets, a nascent market that could see growth in Australia. Such insurance, while offering a layer of protection, also signifies a recognition of the significant risks involved, potentially influencing how Australian financial advisors counsel their clients on crypto investments.
Local exchanges like CoinSpot, Independent Reserve, Swyftx, and BTC Markets are continually investing in security. However, the 'human element' of security, now under attack with physical threats, falls on the individual investor. While Australian exchanges are robust in their digital defenses, the off-chain perils highlighted by CertiK serve as a reminder that the responsibility of personal security extends beyond the digital realm.
What to watch next
The immediate focus for Australian investors should be on strengthening personal and digital security practices. This includes moving significant, idle crypto holdings into cold storage, often referred to as hardware wallets, which are less susceptible to both on-chain exploits and many forms of physical coercion if stored securely offline. Diversifying crypto holdings across different wallets and understanding the difference between hot and cold storage are fundamental steps.
Beyond individual actions, the industry's response to the escalating physical threats will be important to monitor. Conferences this year, such as Bitcoin 2026, have already shown a heightened awareness of personal security, with speakers employing bodyguards and workshops dedicated to protecting holdings during home invasions. This trend indicates that personal security protocols within the crypto community are rapidly evolving.
Regulators globally and in Australia, including ASIC and AUSTRAC, will be closely watching these developments. Increased physical attacks could prompt discussions around how to better protect investors, potentially leading to new guidelines or recommendations for individuals and exchanges. The evolving role of AI in accelerating threat environments, both for social engineering and weaponising generative tools, also demands continuous vigilance and education.
Year-to-date through May, the crypto sector has recorded US$1.1 billion in total losses across 185 tracked incidents, with North Korea-linked actors responsible for approximately US$620.9 million, or 55% of all stolen value. This persistent threat from state-sponsored groups, combined with the alarming rise of physical attacks, underscores the need for robust security strategies at all levels – from individual users to large exchanges and governmental bodies. Australian investors are encouraged to stay informed and adapt their security posture proactively.
Coins covered
Common questions
How can Australian crypto investors best protect themselves from physical attacks like 'wrench attacks'?
Australian investors should prioritise cold storage solutions for significant crypto holdings, such as hardware wallets, and store them securely offline. It's crucial to avoid discussing crypto holdings publicly, enhance home security, and maintain a high level of personal anonymity regarding digital assets. Diversifying holdings and avoiding single points of failure can also add layers of protection.
Are Australian crypto exchanges like CoinSpot or Swyftx safe from these specific 'wrench attacks'?
Australian crypto exchanges generally have secure digital infrastructure to protect funds held on their platforms. However, 'wrench attacks' are primarily physical threats targeting individual investors to gain access to their private keys or wallet credentials, not the exchanges directly. Storing large amounts of cryptocurrency on any 'hot' exchange wallet always carries some level of risk, reinforcing the recommendation to move idle assets to personal cold storage.
What is the ATO's stance if my cryptocurrency is stolen in a physical 'wrench attack'?
The ATO treats cryptocurrency as property for tax purposes. If your cryptocurrency is stolen, it may be possible to claim a capital loss. However, you would need to provide strong evidence of the theft, such as police reports and detailed documentation of the loss. It's advisable to consult with a tax professional to understand the specific implications for your situation.
Global crypto losses hit US$68.3M in May 2026, with a sharp rise in physical attacks. Explore what this means for Australian investors and security.