Crypto & Ransomware Brief — June 1, 2026
Ransomware Payment Rates Collapse as Attack Volume Surges
The ransomware payment landscape underwent a dramatic shift in 2025, with victim payment rates dropping to an all-time low of 28% despite a 50% surge in attack volume, according to Chainalysis. Total ransomware payments fell to approximately $820 million, down 8% from 2024, as organizations improved incident response capabilities and negotiation strategies. A five-year census of 65,907 exposed databases revealed that 62% of attacker ransom wallets received zero bitcoin payments—though attackers destroyed or exfiltrated the data regardless. The FBI's 2025 cybercrime report documented $21 billion in losses from over one million complaints, with healthcare showing structural vulnerability: 460 ransomware incidents versus 182 data breaches. The declining payment rate signals a fundamental shift in organizational preparedness, though threat actors are responding by increasing ransom demands and diversifying tactics.
DeFi Exploits Exceed $1 Billion; Exchange and Bridge Infrastructure Under Attack
Multiple high-value cryptocurrency incidents marked recent activity, pushing 2026 DeFi losses beyond $1 billion. LayerZero attributed the $290+ million Kelp DAO heist to North Korea's Lazarus Group, exploiting bridge infrastructure rather than smart contract vulnerabilities. Gravity Bridge suffered a $5.4 million exploit with attackers stealing USDC, wrapped ETH, Tether, and PAX Gold before laundering proceeds through swap services. Kyrgyzstan-based Grinex exchange halted all trading after hackers stole $13-15 million USDT from hot wallets in a coordinated breach. Gnosis Pay disclosed a security incident linked to a Zodiac Delay Module vulnerability enabling unauthorized transactions from Safe wallets. The Gentlemen ransomware-as-a-service operation—responsible for 400+ public victims—experienced an internal breach in May exposing their complete operational structure, affiliate program, and backend database. Analysis of 2026's largest DeFi exploits, including the $285 million Drift Protocol breach, shows attackers increasingly targeting governance weaknesses rather than smart contract code vulnerabilities.
Sources: TechRadar · SOS Ransomware · Ransom News · abhs.in · TechCrunch · Coinotag · Bitget · Bloomingbit · Check Point · Travers Smith
