Blockchain security firm PeckShield has reported that cryptocurrency hacks and related vulnerabilities resulted in roughly $52 million in stolen funds during March 2026. The total stemmed from about 20 significant incidents, marking a 96 percent jump from February’s $26.5 million haul and reversing a brief lull in early-2026 losses.
The most severe breach involved Resolv Labs, where attackers exploited a weakness in the project’s AWS Key Management Service.
They gained unauthorized access to cloud infrastructure and minted around 80 million unbacked USR stablecoin tokens.
The resulting depeg triggered roughly $25 million in direct losses and sparked secondary effects across interconnected DeFi platforms, including bad debts at protocols such as Morpho Blue, Euler, and Fluid.
PeckShield highlighted this “shadow contagion” phenomenon—where one compromise quickly cascades into broader systemic strain—as a growing concern beyond isolated thefts.
Other notable cases included a hybrid on-chain and off-chain attack on the Venus protocol that left approximately $2.18 million in unrecoverable bad debt.
High-profile individual targets also suffered: an on-chain personality known as lost $24 million in a coordinated physical and blockchain assault, while a Kraken whale fell victim to social engineering and forfeited $18 million, with some proceeds routed through cross-chain bridges like Thorchain.
These March figures align with broader industry tracking.
CertiK’s March security overview placed total losses from exploits, phishing, and scams near $59.5 million across a wider set of incidents, with wallet compromises and social engineering accounting for over 80 percent.
The firm noted that Q1 2026 overall saw $501 million drained in 145 events—still elevated, though below the prior year’s outlier-heavy start.
Longer-term research underscores persistent challenges.
Chainalysis’s 2026 Crypto Crime Report, which analyzed 2025 activity, documented stolen funds climbing to $3.4 billion, with North Korean-linked actors alone responsible for more than $2 billion through increasingly sophisticated DeFi and cross-chain tactics.
Scams reached an estimated $17 billion, fueled by a 1,400 percent surge in impersonation schemes and AI-assisted fraud.
The report signals a maturing threat landscape where nation-state operations and social-engineering vectors now rival or surpass pure technical exploits.
Immunefi’s State of Onchain Security 2026 report added another layer, estimating that the average exploit still costs projects around $25 million in immediate theft.
Median losses have declined somewhat, yet hacked tokens typically shed 61 percent of value within six months and rarely recover their pre-incident price.
The data illustrate that damage extends far beyond the initial drain, eroding user confidence and market capitalization over time.
March’s uptick—following $112 million in combined January and February losses—suggests attackers are adapting faster than defenses.
Cloud-service vulnerabilities, hybrid attack methods, and targeted social engineering now complement traditional smart-contract flaws.
Industry observers warn that without accelerated improvements in infrastructure hardening, multi-signature controls, and real-time monitoring, similar monthly spikes could become the norm rather than exceptions.
As the crypto sector matures, these recurring reports from PeckShield, Chainalysis, CertiK, and Immunefi serve as critical barometers.
They emphasize that while innovation drives growth, adequate security remains essential to safeguard assets and sustain long-term adoption. Stakeholders are urged to prioritize layered protections and rapid response protocols amid an environment where threats continue to professionalize.