Jun 23, 2026 · 9:58 PM

Crypto Hacks Nearly Doubled in March as Attackers Go Beyond Code

Crypto hackers stole $52 million in March across 20 incidents, nearly double February's losses. Cloud breaches and physical attacks on holders signal a broader threat landscape.

Janet Harrison

Crypto losses hit $52 million across 20 incidents in March 2026, a 96% surge from February, driven by cloud infrastructure breaches and a disturbing rise in physical violence against high-value holders.

Cryptocurrency attackers are no longer just exploiting smart contract bugs. March 2026 made that brutally clear, with $52 million drained across 20 major incidents, nearly double the $26.5 million lost in February. The first quarter of the year has now accumulated over $164 million in losses, and the nature of these attacks is shifting in ways that should concern anyone holding significant digital assets.

The single largest incident involved Resolv Labs and its USR stablecoin. An attacker compromised Resolv's cloud infrastructure, specifically its AWS Key Management Service, and used that access to mint 80 million unbacked USR tokens. The attacker then converted the position into roughly $25 million in ether. The stablecoin crashed, and the damage did not stop at Resolv's door. DeFi lending protocols Fluid, Morpho Blue, and Euler Finance all absorbed bad debt from the resulting price dislocation, a pattern blockchain security firm PeckShield described as "Shadow Contagion." One protocol's failure rippled through interconnected money markets, and no one holding positions on those platforms could have anticipated the exposure.

This matters because the attack vector was not a code vulnerability. It was a cloud security failure, the kind of breach that has plagued traditional enterprises for years. As crypto projects increasingly rely on centralized cloud providers for critical infrastructure, they inherit the same risks that Fortune 500 companies face, but with far more immediate and transparent financial consequences.

Perhaps the most alarming trend in March was not technical at all. Pseudonymous trader Sillytuna lost $24 million after attackers used physical violence, weapons, and kidnapping threats to force the transfer of funds. A separate social engineering attack on a Kraken account holder resulted in roughly $18 million in losses.

These are not isolated incidents. The crypto industry has seen a steady increase in physical attacks on high-net-worth holders and executives over the past two years, particularly in Europe and Southeast Asia. The pseudonymous nature of crypto wealth makes holders attractive targets: attackers know the funds exist on-chain, and they know recovery options are limited once a transaction is signed under duress. For founders, whale investors, and anyone with a public profile tied to significant holdings, personal security planning is no longer optional. Travel protocols, trusted signers, multi-signature wallets with time locks, and even residential security assessments are becoming standard practice among large holders.

Protocol-Level Vulnerabilities Persist

Venus Protocol closed out March by incurring $2.15 million in bad debt, a reminder that DeFi's composability continues to be a double-edged sword. When one protocol's tokens lose their peg or their collateral value collapses, downstream lending markets, leveraged positions, and liquidation engines all absorb the shock simultaneously.

The first quarter's $164 million toll puts the industry on track for roughly $650 million in annual losses from exploits and hacks if the pace holds. That would represent a decline from the roughly $1.7 billion lost in 2023, but the trendline is moving in the wrong direction quarter over quarter. February's relatively calm $26.5 million in losses, the lowest monthly figure in 11 months, now looks like an anomaly rather than an improvement.

For investors and builders, the takeaway is straightforward. Threat models need to expand beyond smart contract audits. Cloud infrastructure, key management, social engineering resilience, and physical security all belong in the same risk framework. The protocols that survive the next cycle will be the ones that treat security as a holistic operational challenge, not just a code review checkpoint.

Janet Harrison has over 16 years of experience in the financial services industry, giving her a vast understanding of how news affects the financial markets, and is an early adopter of blockchain technology and digital currencies. Janet is an active holder and trader who spends the majority of her time analyzing blockchain projects and reports and watching new and upcoming projects and other initiatives in the industry. She has a Master's degree in Economics, with previous roles including investment banking.