DeFi and Crypto Ecosystem Faces Considerable Threats from Supply Chain Vulnerabilities: Analysis

MetaMask’s security update for May 2026 reports that the Bitcoin and wider cryptocurrency ecosystem faced escalating threats from supply chain compromises, AI-driven exploits, and a range of potentially serious DeFi vulnerabilities. While attackers probed existing boundaries with a variety of tactics, the ecosystem responded with strengthened security measures, new funding initiatives, and law enforcement action.

The report emphasizes the need for heightened vigilance as digital assets attract growing institutional interest and increasingly depend on automated and AI-driven tooling.

Supply chain attacks reached alarming new heights with the Mini Shai-Hulud worm, which compromised over 600 packages on npm and PyPI repositories.

This campaign, linked to TeamPCP, released hundreds of malicious versions affecting prominent organizations, including OpenAI, TanStack, Mistral AI, and others.

OpenAI acknowledged that two employee devices were breached, granting limited access to internal systems.

Security experts observed that attackers increasingly targeted CI/CD pipelines directly, shifting from traditional methods.

In response, npm revoked access tokens that bypassed two-factor authentication and encouraged developers to adopt trusted publishing instead of long-lived tokens.

MetaMask contributors also shared practical advice on securing local development setups.

A related effort, the TrapDoor campaign, deployed dozens of AI-assisted malicious packages aimed at crypto, AI, and security developers.

These fake tools and prompt injection techniques spread across multiple package ecosystems, highlighting how artificial intelligence is now aiding threat actors in creating and distributing harmful code.

Importantly, May witnessed the first documented case of an AI prompt injection exploit successfully draining funds from a live wallet.

An attacker tricked xAI’s Grok model into authorizing a transfer of roughly $204,000 in DRB tokens from a Bankr wallet.

By embedding hidden commands in a coding query and leveraging an NFT-based authorization, the prompt led the automated system to execute the transaction.

The funds were later returned, raising questions about the attacker’s motives; the aim may have been to demonstrate feasibility rather than to steal permanently. The incident highlights the emerging risk of AI agents that hold financial capabilities acting on instructions embedded in untrusted input.

DeFi protocols grappled with the aftermath of substantial earlier losses totaling around $587 million.

Following the April incidents, Drift Protocol outlined a recovery plan involving tokens tied to verified user losses, asset tracing, and bounties.

The protocol planned enhanced controls like multisig requirements and time-locks for its relaunch.

Meanwhile, analysis of the Kelp DAO breach emphasized the need for zero-trust designs, stricter governance, and verifiable standards as traditional finance entities increase on-chain involvement. Additional incidents, such as a THORChain exploit, further stressed the sector.

On the positive side, MetaMask supported the Clear Signing initiative through ERC-7730 to combat blind signing vulnerabilities exposed in prior hacks like Bybit.

This “What You See Is What You Sign” approach presents the user with clear, human-readable transaction details derived from a descriptor for the contract being called, instead of raw calldata. The Ethereum Foundation will maintain a neutral registry for these descriptors.
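To show the difference between blind signing and clear signing in concrete terms, here is an added example (not code from MetaMask, the report, or the ERC-7730 specification). It decodes a standard ERC-20 `transfer(address,uint256)` call and renders it through a small descriptor table; that table is a simplified, constructed stand-in for ERC-7730 metadata, and the contract and recipient addresses are made-up values. A contract with no descriptor falls back to showing the raw calldata with a warning, which is the blind-signing situation the initiative is meant to eliminate.

```python
"""Minimal 'What You See Is What You Sign' demo.

Added example; the descriptor format is a simplified stand-in for ERC-7730,
not the real schema. Addresses below are constructed for illustration.
"""

# First four bytes of keccak256("transfer(address,uint256)"): the standard
# ERC-20 transfer selector.
TRANSFER_SELECTOR = "a9059cbb"

# Constructed descriptor registry: what a contract's functions mean in human
# terms. A real wallet would fetch this from a descriptor registry.
DESCRIPTORS = {
    "0x1111111111111111111111111111111111111111": {
        "symbol": "DEMO",
        "decimals": 18,
        "functions": {TRANSFER_SELECTOR: "Send tokens"},
    }
}


def _word(data: bytes, index: int) -> bytes:
    """Return the index-th 32-byte ABI word after the 4-byte selector."""
    start = 4 + 32 * index
    chunk = data[start:start + 32]
    if len(chunk) != 32:
        raise ValueError("calldata too short for ABI word %d" % index)
    return chunk


def decode_transfer(calldata_hex: str) -> dict:
    """Decode transfer(to, amount) calldata into its two arguments."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if data[:4].hex() != TRANSFER_SELECTOR:
        raise ValueError("not an ERC-20 transfer call")
    to_word = _word(data, 0)
    # An address occupies the low 20 bytes of its word; the high 12 must be zero.
    if any(to_word[:12]):
        raise ValueError("malformed address word")
    return {
        "to": "0x" + to_word[12:].hex(),
        "amount": int.from_bytes(_word(data, 1), "big"),
    }


def format_units(amount: int, decimals: int) -> str:
    """Render a raw token amount with its decimal point in the right place."""
    whole, frac = divmod(amount, 10 ** decimals)
    if frac == 0:
        return str(whole)
    return "%d.%s" % (whole, str(frac).zfill(decimals).rstrip("0"))


def render_clear_signing(contract: str, calldata_hex: str) -> str:
    """Produce the text a wallet would show before asking for a signature."""
    desc = DESCRIPTORS.get(contract.lower())
    selector = calldata_hex.removeprefix("0x")[:8].lower()
    if desc is None or selector not in desc["functions"]:
        # Blind-signing fallback: nothing human-readable is known about this call.
        return "WARNING: no descriptor for %s; raw calldata: %s" % (contract, calldata_hex)
    decoded = decode_transfer(calldata_hex)
    return "%s: %s %s to %s" % (
        desc["functions"][selector],
        format_units(decoded["amount"], desc["decimals"]),
        desc["symbol"],
        decoded["to"],
    )


if __name__ == "__main__":
    # Constructed call: transfer 1500 DEMO to 0x2222...2222
    calldata = (
        TRANSFER_SELECTOR
        + "00" * 12 + "22" * 20
        + (1500 * 10 ** 18).to_bytes(32, "big").hex()
    )
    print(render_clear_signing("0x1111111111111111111111111111111111111111", calldata))
    print(render_clear_signing("0x3333333333333333333333333333333333333333", calldata))
```

The descriptor lookup is keyed by contract address, so a phishing contract that copies a legitimate token's function signatures still renders as a warning rather than as a trusted "Send tokens" prompt; the value of a neutral registry is that this mapping cannot be supplied by the dapp asking for the signature.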

Separately, TheDAO Security Fund achieved its largest quadratic funding round yet, securing 637 ETH to bolster Ethereum’s security projects, with significant contributions from partners like Wintermute.

Law enforcement delivered a major blow to scams, arresting 276 suspects and seizing over $700 million in crypto linked to investment fraud and pig butchering operations across multiple countries.

Smaller incidents involving phishing attempts, malicious or fake software apps, and Telegram mini-programs also served as reminders of persistent social engineering risks. The MetaMask report concludes that May 2026 illustrated both the evolving ingenuity of attackers and the ecosystem’s increasingly proactive defenses.
