DeFi Exploit Post-Mortem: This Week's $100M Security Lessons
DeFi is reeling from a devastating mid-May hack wave. The crisis cost the industry over $98 million in headline losses across five protocols (the figure includes minted-but-unextracted value; actual extracted losses were significantly lower), while a fresh $2.8 million stablecoin exploit and a structural shift toward AI-driven hacking dominate this week's security landscape.
The industry has been shaken by the surge in exploit velocity and complexity. We break down each major incident below to understand the structural failures behind the numbers.

Deconstructing the Exploits
1. THORChain: GG20 TSS Key Leakage
On Friday, May 15, THORChain paused all trading after a $10.8 million cross-chain exploit targeting its Asgard vault system.
THORChain uses GG20, a threshold signature scheme (TSS) implemented in a fork of Binance's tss-lib, to enable native cross-chain swaps without wrapping assets or relying on a centralized bridge.
A rotating set of node operators collectively sign outbound transactions. No single node ever holds a full private key.
In theory, this design eliminates single points of failure. In practice, a recently churned validator node leaked key material during cryptographic signing rounds.
Investigators from PeckShield and Cyvers attributed the attack to a vulnerability in the GG20 Threshold Signature Scheme (TSS) implementation. The attacker gradually reconstructed the vault's key shares offline, then forged outbound signatures that the network accepted as legitimate.
The attacker drained $10.8 million across Ethereum, Bitcoin, BNB Chain, and Base from a single Asgard vault. Chainalysis later confirmed the operation was prepared weeks in advance.
Chainalysis traced attacker-linked wallets moving funds through Monero, Hyperliquid, and Arbitrum in the weeks before the exploit, as part of the setup operation. The stolen funds remained dormant as of reporting. User-controlled funds were not touched. The losses were entirely confined to protocol-owned liquidity.
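The threshold property at the heart of the THORChain design is worth seeing in arithmetic. The following is an added example, not THORChain or tss-lib code, and it does not model the GG20 signing rounds or the specific leakage path (which this post does not describe). It uses plain Shamir secret sharing over the secp256k1 scalar field to show the one fact the incident turns on: any t-1 leaked shares reconstruct nothing useful, but the moment an attacker has accumulated t distinct shares, the full signing key falls out offline. The 3-of-5 parameters and the "leak one share per signing round" loop are assumptions for illustration.

```python
import secrets

# Group order of secp256k1: the field in which an ECDSA signing key lives.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_secret(secret: int, t: int, n: int) -> list:
    """Shamir split: n shares (x, f(x)), any t of which reconstruct `secret`."""
    assert 1 <= t <= n and 0 <= secret < N
    # Random polynomial of degree t-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(N) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod N
            y = (y * x + c) % N
        shares.append((x, y))
    return shares


def reconstruct(shares: list) -> int:
    """Lagrange interpolation at x = 0. Only meaningful with >= t shares;
    with fewer it returns a value that is essentially a random field element."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % N
                den = den * (xi - xj) % N
        total = (total + yi * num * pow(den, -1, N)) % N
    return total


def collect_leaks(leaked: list, t: int):
    """Attacker's view: accumulate shares one 'signing round' at a time
    (duplicates of the same node's share do not help) and stop as soon as
    t distinct shares are in hand. Returns (rounds_needed, key_or_None)."""
    have = {}
    for rnd, (x, y) in enumerate(leaked, start=1):
        have[x] = y
        if len(have) >= t:
            return rnd, reconstruct(list(have.items()))
    return len(leaked), None


def demo(t: int = 3, n: int = 5):
    """Constructed vault: a fresh random key split among n nodes, threshold t."""
    key = secrets.randbelow(N)
    return key, split_secret(key, t, n)
```

The point for operators is that the threshold is a floor on what an attacker must collect, not a guarantee that shares never leave the node: every share that is exposed in a signing round is a permanent step toward the threshold, which is why churned or compromised nodes must trigger a key resharing rather than a rotation of the membership list alone.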
2. Verus-Ethereum Bridge: The Validation Gap
On May 18, the Verus Protocol lost $11.58 million through a logic flaw in its cross-chain bridge. The root cause was that neither side of the bridge verified that the input amount matched the payout amount. Here's our breakdown on X.
The Verus side validated the structure and authenticity of the transfer blob, including the Merkle proof and state root. The Ethereum side validated the notaries' signatures and extracted the payout instructions. Neither checked whether the two sides balanced.
The attacker submitted a transfer blob containing $0.01 worth of VRSC on the Verus side. Because all cryptographic components were valid, the Ethereum side released $11.58 million in ETH, tBTC, and USDC.
The missing check was the checkCCEValues function on the Ethereum contract, which was never implemented.
In a subsequent development, the attacker returned $8.5 million and kept 1,350 ETH (~$2.8M) as a formally negotiated bounty under a structured settlement.
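To make the Verus failure concrete, here is an added example (not Verus code) of a bridge whose two halves each validate their own concerns and never reconcile amounts. Notary attestation is modelled with an HMAC over the canonical blob and the Merkle-proof and state-root checks are omitted, because those passed in the real incident and are not the broken part. The function named check_cce_values is a model of the missing check the post names, not the real contract's code, and the blobs and vault balances are constructed sample data.

```python
import hashlib
import hmac
import json

NOTARY_KEY = b"constructed-notary-key"  # stand-in for the notary set's keys

# Constructed destination-side reserve, in whole units.
VAULT = {"ETH": 5_000, "USDC": 5_000_000}


def canonical(blob: dict) -> bytes:
    return json.dumps(blob, sort_keys=True).encode()


def notarize(blob: dict) -> str:
    """Source side as the incident describes it: check structure, then attest."""
    for key in ("inputs", "payouts"):
        if key not in blob or not isinstance(blob[key], list):
            raise ValueError("malformed blob")
    return hmac.new(NOTARY_KEY, canonical(blob), hashlib.sha256).hexdigest()


def notaries_signed(blob: dict, sig: str) -> bool:
    return hmac.compare_digest(notarize(blob), sig)


def _sum_by_asset(entries: list) -> dict:
    totals = {}
    for e in entries:
        totals[e["asset"]] = totals.get(e["asset"], 0) + e["amount"]
    return totals


def check_cce_values(blob: dict) -> bool:
    """The missing check: what the source side locked must equal, per asset,
    what the destination side is being asked to release."""
    return _sum_by_asset(blob["inputs"]) == _sum_by_asset(blob["payouts"])


def release_vulnerable(blob: dict, sig: str, vault: dict) -> dict:
    """Destination side before the fix: valid signature => pay out as instructed."""
    if not notaries_signed(blob, sig):
        raise ValueError("bad notary signature")
    for p in blob["payouts"]:
        vault[p["asset"]] = vault.get(p["asset"], 0) - p["amount"]
    return vault


def release_hardened(blob: dict, sig: str, vault: dict) -> dict:
    """Same signature check, plus the value reconciliation and a reserve floor."""
    if not notaries_signed(blob, sig):
        raise ValueError("bad notary signature")
    if not check_cce_values(blob):
        raise ValueError("input/payout mismatch")
    for p in blob["payouts"]:
        if vault.get(p["asset"], 0) < p["amount"]:
            raise ValueError("insufficient reserve")
        vault[p["asset"]] -= p["amount"]
    return vault


def attempt(release_fn, blob: dict, sig: str, vault: dict) -> str:
    """Run a release and report the outcome as a string."""
    try:
        release_fn(blob, sig, vault)
        return "released"
    except ValueError as exc:
        return f"rejected: {exc}"


# Constructed blobs in the shape of the incident: a dust-sized input on one
# side against a large, unrelated payout on the other, and an honest transfer.
ATTACK_BLOB = {
    "inputs": [{"asset": "VRSC", "amount": 1}],
    "payouts": [{"asset": "ETH", "amount": 3_000},
                {"asset": "USDC", "amount": 2_000_000}],
}
HONEST_BLOB = {
    "inputs": [{"asset": "ETH", "amount": 10}],
    "payouts": [{"asset": "ETH", "amount": 10}],
}
```

Note that the attack blob carries a perfectly valid notary signature: the notaries attested to a structurally valid transfer, exactly as designed. Authenticity checks answer "did the right parties say this?", never "does this make economic sense?", and a bridge needs both questions answered on the side that holds the funds.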
3. Echo Protocol: Admin Key Compromise
On May 19, Echo Protocol paused its Monad bridge after an attacker compromised the admin private key of the eBTC contract. Using this key, the attacker minted 1,000 unauthorized eBTC worth $76.7 million.
The attacker extracted approximately $816,000 by depositing 45 eBTC into lending protocol Curvance as collateral, borrowing ~11.29 WBTC, and routing the proceeds through Tornado Cash. The team subsequently burned the remaining 955 eBTC to prevent further losses.
The headline figure of $76.7 million reflects the minted value, not the actual extraction. The real loss was $816,000. The incident nonetheless exposes a critical design risk.
A single admin key with unrestricted minting authority can create a catastrophic failure point regardless of how secure the underlying smart contract logic is.
4. MAP Protocol: The Retry-Hash Exploit
On May 20, the Butter Bridge on MAP Protocol was tricked into minting 1 quadrillion MAPO tokens, nearly 5 million times the circulating supply.
The exploit originated at the Solidity contract layer. The attacker first submitted a legitimate message signed by the oracle multisig. They then deployed a malicious contract at a targeted address and resent a manipulated retry message.
Because the retry message hashed to the same value as the original, the bridge accepted it as valid and minted the tokens. The attacker dumped a portion of the tokens onto Uniswap pools to extract 52 ETH worth approximately $110,000.
MAP Protocol paused mainnet operations and began migrating to a new contract address. The MAPO token price fell 96% from $0.003 to $0.0001.
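The post does not give the Butter Bridge contract internals, so the following is an added model of the failure class rather than MAP Protocol code: a cross-chain executor whose retry path trusts a message identifier that was validated once, where that identifier does not commit to every field the executor acts on. The oracle multisig is modelled as an HMAC, the message fields and amounts are constructed, and the hardened variant shows the two fixes a reviewer would ask for: hash the whole message, and make each identifier executable exactly once.

```python
import hashlib
import hmac
import json

ORACLE_KEY = b"constructed-oracle-key"  # stand-in for the oracle multisig


def _digest(obj) -> str:
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def oracle_sign(msg: dict) -> str:
    return hmac.new(ORACLE_KEY, _digest(msg).encode(), hashlib.sha256).hexdigest()


class BridgeVulnerable:
    """Identifies a message by its routing fields only, and lets the retry
    path execute anything that carries an identifier it has seen before."""

    def __init__(self):
        self.verified = set()   # message ids whose oracle signature checked out
        self.balances = {}      # recipient -> minted amount

    @staticmethod
    def msg_id(msg: dict) -> str:
        # Commits to where the message came from, not to what it does.
        return _digest({"src_chain": msg["src_chain"], "nonce": msg["nonce"]})

    def submit(self, msg: dict, sig: str) -> None:
        if not hmac.compare_digest(oracle_sign(msg), sig):
            raise ValueError("oracle signature invalid")
        self.verified.add(self.msg_id(msg))
        self._execute(msg)

    def retry(self, msg: dict) -> None:
        # No signature check: a known id is treated as proof of prior validation.
        if self.msg_id(msg) not in self.verified:
            raise ValueError("unknown message")
        self._execute(msg)

    def _execute(self, msg: dict) -> None:
        self.balances[msg["to"]] = self.balances.get(msg["to"], 0) + msg["amount"]


class BridgeHardened(BridgeVulnerable):
    """The id commits to every field, and each id executes at most once.
    (In a contract, a failed execution reverts the 'executed' write too, so a
    genuine retry after a failure still works.)"""

    def __init__(self):
        super().__init__()
        self.executed = set()

    @staticmethod
    def msg_id(msg: dict) -> str:
        return _digest(msg)

    def _execute(self, msg: dict) -> None:
        mid = self.msg_id(msg)
        if mid in self.executed:
            raise ValueError("already executed")
        self.executed.add(mid)
        super()._execute(msg)


def outcome(bridge, msg: dict) -> str:
    try:
        bridge.retry(msg)
        return "executed"
    except ValueError as exc:
        return f"rejected: {exc}"


LEGIT = {"src_chain": 1, "nonce": 7, "to": "alice", "amount": 100}
# Constructed retry message: same routing fields, attacker-controlled recipient
# and an amount far beyond anything ever locked on the source chain.
FORGED = dict(LEGIT, to="attacker_contract", amount=10**15)


def run(bridge_cls) -> dict:
    """Submit the legitimate message, then try the forged retry."""
    bridge = bridge_cls()
    bridge.submit(LEGIT, oracle_sign(LEGIT))
    outcome(bridge, FORGED)
    return bridge.balances
```

The general rule this illustrates: whatever key a contract uses to remember "I already checked this" must be derived from the same bytes the execution path consumes. Any field left out of that hash is a field the attacker gets to rewrite for free on the retry.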
5. StablR: Multisig Governance Failure
On Sunday, May 24, the regulated stablecoin issuer StablR suffered a $2.8 million exploit. The attacker compromised a private key linked to one owner of the minting multisig account.
The setup used a 1-of-3 threshold, meaning a single compromised key was sufficient to take full control of minting access. The attacker added themselves as an owner, replaced the two remaining legitimate owners, and minted 8.35 million USDR and 4.5 million EURR.
The unbacked supply broke both pegs. EURR fell to approximately $0.85 at its low and USDR fell as low as $0.40. The attacker swapped the tokens through DEXs to extract 1,115 ETH.
Blockchain security firm Blockaid, which detected the exploit in real time, noted: "This is not a smart contract bug, it's a key management and governance failure."
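The Echo and StablR incidents are the same design lesson from two angles: a minting authority that one key can exercise without limit. The following added example (not Echo Protocol or StablR code) models a minting controller the way an operator would want to compare against both: every privileged action needs `threshold` distinct owner approvals before it takes effect, and minting is additionally bounded by a per-window cap. It replays the StablR sequence (add self as owner, evict the others, mint) with a single compromised key and returns how much the attacker ended up holding; the owner names, amounts and caps are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class MintController:
    owners: set
    threshold: int                  # distinct owner approvals per action
    mint_cap: int                   # most that may be minted per window
    minted_this_window: int = 0
    balances: dict = field(default_factory=dict)
    pending: dict = field(default_factory=dict)   # action -> approving owners

    def _approved(self, action: tuple, signer: str) -> bool:
        """Record one owner's approval; True once the threshold is reached."""
        if signer not in self.owners:
            raise PermissionError(f"{signer} is not an owner")
        voters = self.pending.setdefault(action, set())
        voters.add(signer)
        if len(voters) < self.threshold:
            return False            # stays pending until more owners sign
        del self.pending[action]
        return True

    def add_owner(self, new: str, signer: str) -> bool:
        if self._approved(("add", new), signer):
            self.owners.add(new)
            return True
        return False

    def remove_owner(self, old: str, signer: str) -> bool:
        if len(self.owners) - 1 < self.threshold:
            raise ValueError("would leave fewer owners than the threshold")
        if self._approved(("remove", old), signer):
            self.owners.discard(old)
            return True
        return False

    def mint(self, to: str, amount: int, signer: str) -> bool:
        if self._approved(("mint", to, amount), signer):
            if self.minted_this_window + amount > self.mint_cap:
                raise ValueError("mint cap exceeded")
            self.minted_this_window += amount
            self.balances[to] = self.balances.get(to, 0) + amount
            return True
        return False


def run_takeover(threshold: int, mint_cap: int, amount: int = 8_350_000) -> int:
    """One compromised key (key_A) tries: add attacker as owner, evict the
    other owners, mint `amount` to the attacker. Returns what the attacker holds."""
    ctrl = MintController(owners={"key_A", "key_B", "key_C"},
                          threshold=threshold, mint_cap=mint_cap)
    compromised, attacker = "key_A", "attacker"
    try:
        if not ctrl.add_owner(attacker, signer=compromised):
            return 0                # proposal left pending for honest owners to see
        ctrl.remove_owner("key_B", signer=attacker)
        ctrl.remove_owner("key_C", signer=attacker)
        ctrl.mint(attacker, amount, signer=attacker)
    except (PermissionError, ValueError):
        pass
    return ctrl.balances.get(attacker, 0)
```

Two things to read off the results: raising the threshold from 1 to 2 stops the takeover at the very first step, because the attacker's own key is not an owner and cannot supply the second approval; and even where the threshold is left at 1 (the Echo situation, a lone admin key), a mint cap turns an unbounded mint into a bounded one. The cap is a damage limiter, not a substitute for the quorum: an attacker holding the key can still mint up to the cap each window, so the window and cap must be sized to what the peg and the reserves can absorb while the team responds.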
The AI Vulnerability Shift
This surge in exploits occurs alongside a structural shift in the threat landscape. On May 26, OpenZeppelin co-founder Manuel Aráoz warned that he now considers all of DeFi unsafe. (Note: OpenZeppelin has since distanced itself from the comments, stating that Aráoz's views do not represent the company's current position.)
Specifically, he argued that AI coding agents have become superhuman at finding smart contract vulnerabilities. Anthropic's restricted Claude Mythos model can autonomously discover software flaws and develop working exploits at a level that surpasses existing automated tools.
DeFi's transparent, on-chain code was historically marketed as a strength. It is now becoming a liability, because machine systems can scan public contract code, identify weaknesses, and weaponize them faster than human defenders can patch them.
The asymmetry is severe. Defenders must fix every single bug. An AI-powered attacker needs to find just one logic gap to drain millions.
What Pre-Execution Simulation Reveals
Several of this week's exploits share a common theme: the attack transactions were structurally unusual before they landed on-chain.
The MAP Protocol retry message produced an identical hash to a legitimate message but triggered a wildly different state change. The Verus bridge transfer blob contained a $0.01 input against a $11.58 million output.
These are anomalies that a simulation layer would surface before execution. Portals Foresight is an EVM transaction simulation API that executes calldata against a live fork of chain state and returns structured results before a transaction is submitted.
The API returns net asset changes, gas costs, decoded events, and token metadata in a single call. When a transaction would fail, it returns a human-readable revert reason rather than an opaque hex blob.

The simulation pipeline works as follows:
First, Foresight provisions the sender's input token balance automatically, so developers can test flows without pre-funding wallets.
Second, the transaction runs against the latest on-chain state in a fully isolated environment. No state changes persist and no other users are affected.
Third, the raw output is processed into structured asset changes for the sender and recipient, enriched with token metadata for display.
For multi-step DeFi flows, the batch simulation endpoint (POST /v1/simulate/batch) chains up to 50 transactions in a single call with shared state.
This allows developers to preview a full leverage loop, such as supply, borrow, and swap, and inspect per-step success or failure before any capital moves on-chain.
The API also supports historical re-simulation, which means developers can replay a past transaction at its original block to inspect exactly what state changes it produced. This is directly applicable to post-mortem analysis.
For example, the entire MAP Protocol exploit lifecycle, including the forged retry message that conjured 1 quadrillion MAPO from zero, is replayable through the Foresight Tracer.
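What "a simulation layer would surface" looks like in practice is a set of invariant checks run over the structured result before a transaction is signed. The following is an added example and is not Portals or Foresight code: the result shape it consumes (signed per-party asset changes, decoded Transfer events, a success flag and revert reason) is an assumption made for this example rather than the Foresight schema, and the prices, circulating supply and the three simulated results (shaped after the Verus and MAP incidents and a benign swap) are constructed sample data.

```python
ZERO = "0x0000000000000000000000000000000000000000"

# Constructed reference data; a real pipeline reads these from the chain and a
# price feed at simulation time.
PRICES_USD = {"VRSC": 0.50, "ETH": 2_500.0, "USDC": 1.0, "MAPO": 0.003}
CIRCULATING = {"MAPO": 2 * 10**8}


def usd(asset: str, amount: float) -> float:
    return amount * PRICES_USD.get(asset, 0.0)


def value_locked_by_sender(sim: dict) -> float:
    """USD value the sender gives up (negative asset changes)."""
    return sum(usd(c["asset"], -c["amount"])
               for c in sim["asset_changes"]["sender"] if c["amount"] < 0)


def value_released_to_recipient(sim: dict) -> float:
    """USD value the recipient receives (positive asset changes)."""
    return sum(usd(c["asset"], c["amount"])
               for c in sim["asset_changes"]["recipient"] if c["amount"] > 0)


def triage(sim: dict, max_ratio: float = 1.05, max_mint_share: float = 0.01) -> list:
    """Return human-readable findings for one simulated transaction."""
    if not sim["success"]:
        return [f"would revert: {sim.get('revert_reason', 'unknown')}"]

    findings = []
    locked = value_locked_by_sender(sim)
    released = value_released_to_recipient(sim)
    # Bridge-style flow: value out must not exceed value in (plus tolerance).
    if released > max(locked, 1e-9) * max_ratio:
        findings.append(f"bridge imbalance: ${locked:,.2f} in vs ${released:,.2f} out")

    # Mint check: a Transfer from the zero address is a mint; compare to supply.
    for ev in sim.get("events", []):
        if ev["name"] == "Transfer" and ev["from"] == ZERO:
            supply = CIRCULATING.get(ev["asset"])
            if supply and ev["amount"] > supply * max_mint_share:
                findings.append(
                    f"mint of {ev['amount']:,} {ev['asset']} is "
                    f"{ev['amount'] / supply:,.0f}x circulating supply")
    return findings


# Constructed simulation results shaped after this week's incidents.
VERUS_LIKE = {
    "success": True,
    "asset_changes": {
        "sender": [{"asset": "VRSC", "amount": -0.02}],
        "recipient": [{"asset": "ETH", "amount": 2_000},
                      {"asset": "USDC", "amount": 1_500_000}],
    },
    "events": [],
}
MAP_LIKE = {
    "success": True,
    "asset_changes": {"sender": [],
                      "recipient": [{"asset": "MAPO", "amount": 10**15}]},
    "events": [{"name": "Transfer", "from": ZERO, "to": "0xattacker",
                "asset": "MAPO", "amount": 10**15}],
}
BENIGN_SWAP = {
    "success": True,
    "asset_changes": {
        "sender": [{"asset": "ETH", "amount": -1.0},
                   {"asset": "USDC", "amount": 2_490.0}],
        "recipient": [],
    },
    "events": [],
}
REVERTING = {
    "success": False,
    "revert_reason": "ERC20: insufficient allowance",
    "asset_changes": {"sender": [], "recipient": []},
    "events": [],
}
```

The checks are deliberately dumb ratios, because that is what catches this week's cases: neither the Verus blob nor the MAP retry needed semantic understanding of the contract to look wrong, only a comparison of what went in against what came out. Thresholds like `max_ratio` and `max_mint_share` belong in the policy of whoever runs the pipeline, not in the simulator.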

Foresight covers 30 EVM chains with the same API and response format, including Ethereum, Base, Arbitrum, Polygon, Monad, and 25 more networks. The free tier includes 1,000 simulations per month.
Looking Ahead
The mid-May hack wave confirms that cross-chain infrastructure remains the most exploited attack surface in DeFi. Key management failures, bridge validation gaps, and TSS implementation vulnerabilities each contributed to this week's losses.
The AI threat layer compounds this by accelerating the pace at which attackers can discover and weaponize these gaps.
For a broader view of this week's market conditions, yield movements, and protocol-level data, read the full Portals DeFi Weekly for May 2026 Week 3.
For a deeper understanding of DeFi security fundamentals, the Portals DeFi Security guide covers smart contract risks, audit standards, and wallet security practices.
Integrate pre-execution simulation into your development workflow or security tooling with the Portals Foresight API.
About portals.fi: portals.fi is the DeFi Super App. A one-click gateway to the entire on-chain economy.
Powered by real-time data and seamless execution, portals.fi connects traders to over 20 million assets, thousands of protocols, and every major blockchain.
Disclaimer: The content of this newsletter is for informational purposes only. It is not investment advice. Please do your own research and consult with a qualified financial advisor before making any investment decisions.
DeFi investments carry significant risks, and past performance does not guarantee future results. Read the disclaimer here.