March was a rougher month for crypto security than February, quite a bit rougher, actually. Blockchain security firm PeckShield’s monthly roundup counted 20 major hacks and exploits in the month, with total losses reaching approximately $52 million.
That’s a 96 percent jump from February’s $26.5 million, though it still sits well below the $86 million recorded in January. March’s numbers were shaped by a handful of incidents that ranged from a technical protocol breach to something considerably more disturbing.
The Resolv attack and its ripple effect
The single largest financial loss of the month came from Resolv Labs. An attacker exploited a compromised private key in Resolv’s AWS cloud infrastructure to trigger two massively inflated minting events on its USR stablecoin, creating around 80 million unbacked tokens and draining roughly $25 million from the protocol.
The damage didn’t stop at Resolv’s door. PeckShield described what it called “shadow contagion,” the idea that a stablecoin depeg aside from hurting the issuer, also spreads through every DeFi protocol that accepts that stablecoin as collateral.
USR’s price crashed 80 percent almost immediately, and PeckShield noted that the ripple created systemic bad debt across Morpho Blue, Euler and Fluid, three of the more widely used DeFi lending platforms. So while $25 million was the direct loss, the downstream damage to protocols that had USR sitting on their books was harder to quantify and potentially larger in practice.
Resolv issued a 72-hour ultimatum to the attacker demanding the return of 90 percent of the stolen funds. As of the time of reporting, nothing has come back.
A $24 million theft that wasn’t a protocol Hack
Then there was the Sillytuna incident and it’s a different kind of story entirely.
On March 5, a longtime crypto and NFT entrepreneur known online as Sillytuna, real name Alex Amsel, posted to X claiming that around $24 million in Aave Ethereum USDC had been stolen from him. But this wasn’t a smart contract exploit.
Amsel described a physical attack involving weapons, kidnapping and threats of sexual assault, adding that law enforcement was involved. “Bruised, held off while I could, but can’t do that much with axes over your hands and feet,” he wrote. He ended the post by saying he was “definitely out of crypto.”
Blockchain analytics firm Arkham tracked the stolen funds as they were moved across Layer 2 networks, Bitcoin and Monero in what appeared to be a deliberate effort to obscure the trail. PeckShield separately confirmed the on-chain activity, noting the attacker converted portions of the funds into privacy coins and routed others through centralized exchanges including OKX, MEXC and Bitkan. Amsel offered a 10 percent bounty for any recovery, even extending the offer to those involved in the theft. Recovery looks unlikely though.
The incident fits the physical attacks pattern that’s been building for a while on crypto holders, sometimes called “wrench attacks,” which accelerated sharply in 2025 and into 2026, with documented cases ranging from kidnapping to home invasions across multiple countries. The transparency of on-chain wealth, often touted as a feature, is increasingly doubling as a targeting map for criminals who don’t need to break any code.
PeckShield also flagged two other notable incidents from the month: Venus Protocol suffered $2.18 million in bad debt through a combination of on-chain and off-chain manipulation, while a Kraken whale lost $18 million to targeted social engineering.
The fallout beyond the numbers
The broader consequences of the month’s activity are still playing out. DeFi protocol Balancer announced last week that it is shutting down Balancer Labs, citing the financial strain caused by a $128 million exploit in November 2025.This goes to show that not every hacked project recovers, some don’t even survive the reputational and financial damage long enough to try.
March’s $52 million total is also a reminder that the threat environment in crypto is genuinely diverse now. Protocol vulnerabilities, cloud infrastructure failures, social engineering and real-world violence all contributed to the monthly losses. They require different defenses, and no single fix addresses all of them.