In March 2026, the cryptocurrency sector suffered a significant surge in security breaches, with losses from hacks and exploits reaching approximately $52 million across 20 major incidents. This figure, reported by on-chain security firm PeckShield, represents a staggering 96% increase from the $26.5 million lost in February.
The most damaging attack targeted Resolv Labs, a stablecoin issuer. An attacker exploited a flaw in the company's Amazon Web Services Key Management Service (AWS KMS), enabling an "infinite mint" of approximately 80 million unbacked USR stablecoins. This breach drained over $25 million from the protocol. Despite Resolv Labs issuing a 72-hour ultimatum for the return of 90% of the funds, the assets were not recovered.
PeckShield emphasized that the real danger extends beyond the primary theft. The subsequent 80% crash in the USR stablecoin's value created "systemic bad debt" across interconnected DeFi lending protocols, including Morpho Blue, Euler, and Fluid. This phenomenon, termed "shadow contagion," highlights the growing interconnected risks within the DeFi ecosystem.
Other major incidents in March included a $24 million theft from an X user known as Sillytuna. The attacker reportedly stole Aave Ethereum USDC (aEthUSDC) in a violent, real-world attack involving weapons, kidnapping, and threats. The stolen funds were subsequently moved across Bitcoin, Monero, and various Layer 2 networks to obscure their trail. This event underscores a troubling trend of violent attacks targeting crypto-influential individuals.
Additional losses included approximately $2.18 million from the Venus protocol ($THE) and an $18 million loss by a Kraken whale due to social engineering. The cumulative impact of these attacks is profound, with some protocols facing existential threats. For instance, DeFi protocol Balancer recently announced it is closing Balancer Labs, citing challenges stemming from a $128 million exploit in November 2025.
