Since the beginning of 2026, the decentralized finance sector has been confronted with numerous DeFi exploits, and in May, another wave of security incidents has occurred. Several protocols have suffered multimillion-dollar breaches linked to vulnerabilities in bridge infrastructure, validator systems, and administrative controls.

Here are three of the latest DeFi exploits drawing attention across the crypto market.

Echo Protocol Exploit Tops $76 Million

Echo Protocol was reportedly exploited for approximately $76.7 million after attackers gained unauthorized access linked to administrative controls.

According to early incident reports, the attackers minted around 1,000 unauthorized eBTC tokens before using portions of the funds as collateral on external lending markets. Some assets were later bridged to Ethereum and partially routed through privacy infrastructure including Tornado Cash.

The incident has renewed concerns around centralized admin privileges and operational key management inside DeFi systems. Following the exploit, cross-chain functionality connected to the protocol was reportedly paused while investigations continued.

Security researchers noted that infrastructure-level weaknesses, rather than a traditional smart contract coding bug, appeared to play a major role in the attack.

Verus Ethereum Bridge Suffers $11.6 Million Exploit

The Verus Ethereum Bridge suffered an exploit on May 17, resulting in the theft of approximately $11.6 million. According to Blockaid, a blockchain exploit detection firm, attackers took advantage of vulnerabilities within the bridge’s verification logic to carry out the breach. Initial findings suggest the exploit may have allowed attackers to release assets on Ethereum without sufficient verification of collateral or backing on the Verus side of the bridge infrastructure.

Cross-chain bridges continue to represent one of the largest attack surfaces in decentralized finance due to their reliance on validators, relayers, and complex verification systems. The exploit indicated the attack remained active for a period after discovery, raising additional concerns about incident response timing and bridge security practices.

THORChain Exploit Hits Validator Infrastructure

THORChain reportedly lost approximately $10.8 million on May 15, after attackers exploited weaknesses tied to validator infrastructure and threshold signature systems. Coindesk’s report indicated the exploit targeted aspects of the protocol’s GG20 threshold signature implementation, which is used to coordinate asset custody across validator nodes.

The attackers allegedly drained assets including BTC, ETH, and BNB from protocol vaults before THORChain temporarily halted swaps and liquidity operations as a precautionary measure. The incident highlights the growing complexity of securing cross-chain liquidity networks, especially those dependent on distributed validator coordination and shared custody models.

Cross-Chain Infrastructure Remains a Major Risk Area

These incidents reflect a broader trend emerging across DeFi in 2026: attackers are increasingly targeting infrastructure layers rather than simple, smart contract vulnerabilities.

The latest exploits have involved:

• Bridge verification flaws
• Validator coordination weaknesses
• Administrative key compromise
• Cross-chain messaging systems
• Liquidity vault infrastructure

Security analysts have repeatedly warned that interconnected DeFi ecosystems can amplify contagion risks when protocols rely heavily on shared collateral, bridged assets, or cross-chain liquidity systems. Protocol security is shifting from isolated smart contract audits to operational, validator, and infrastructure risk management as DeFi adoption increases.