March’s $52 million loss was bad enough, but April started with a single incident that led to $285 million in theft.
Cryptocurrency hacks increased by 96% in March 2026, with fraudsters stealing approximately $52 million in large-scale incidents, according to a report by blockchain security firm Peckshield.
He added that a new trend called “shadow contagion” means that the impact of these attacks is spreading to other DeFi platforms, meaning unaffected protocols will have to deal with bad debt as a result.
Crypto hacking is causing ripple effects
PeckShield identified 20 separate cryptocurrency exploits in March 2026, and the $52 million lost to the industry as a whole in these incidents is nearly double the $26.5 million it said was stolen in February.
The platform added that these attacks are now causing a phenomenon that experts call a “shadow contagion” beyond the initial losses. Security researchers note that exploits no longer behave like isolated incidents. Rather, a single breach creates a ripple effect, destabilizing lending markets, depleting liquidity pools, and creating bad debt for protocols that were not directly compromised.
PeckShield said in an X post that March’s biggest security incident shows how this happens. Last month, attackers exploited a vulnerability in the AWS key management system to hack ResolvLabs and were able to mint 80 million USR tokens. This breach resulted in approximately $25 million in direct losses and bad debts on several other protocols including Morphoblue, Euler, and Fluid.
Similarly, hackers circumvented Venus Protocol’s Tena (THE) market supply cap, inflated collateral positions to more than three times the intended limit and borrowed nearly $15 million in assets. Initial reports indicated the incident as a $3.7 million exploit, but on-chain investigation shows the attackers ended up losing more than $4 million and generating $2.18 million in bad debt.
Other major exploits that occurred during this period include attacks against individuals. One was the theft of $24 million worth of cryptocurrencies belonging to online persona Sillytuna, which involved physical coercion and smart contract manipulation, and the other was the theft of $18 million worth of ETH from the Kraken whale through social engineering. According to on-chain data, Kraken users initially acquired 8,662 ETH, and the criminals accessed their wallets and bridged $1.7 million worth of ETH through Thorchain, injecting an additional 5,347.9 ETH into the HitBTC platform.
You may also like:
April opens with a loss of $285 million
Elsewhere, data from security researcher Jussy shows additional exploits for DeFi platforms such as Cyrus Finance, which was hit with a $5 million flash loan pool share exploit on March 22, and Solv, a preparatory protocol on the Bitcoin network that lost $2.7 million on March 5.
Meanwhile, April started on a dire note, with a scheme planned in March resulting in approximately $285 million in losses from Solana’s perpetual futures exchange, Drift Protocol. In the aftermath of the incident, blockchain researcher ZachXBT accused stablecoin issuer Circle of having the attackers bridge millions of USDC from Solana to Ethereum in about 100 transactions.
Binance Free $600 (CryptoPotato Exclusive): Receive an exclusive welcome offer of $600 on Binance when you register a new account using this link (more details).
Exclusive offer for Bybit’s CryptoPotato readers: Use this link to register and open a $500 free position on any coin!
