March 2026 produced 20 major crypto hacks totaling $52 million in losses, nearly doubling February's tally and marking the sharpest month-over-month escalation so far this year. A single exploit on stablecoin protocol Resolv Labs accounted for roughly half the damage, raising pointed questions about off-chain infrastructure security across DeFi.
PeckShield Tallied $52M in March Hack Losses, Up 96% From February
Blockchain security firm PeckShieldAlert reported on April 1 that March 2026 saw 20 major crypto hacks totaling $52 million. The firm put February 2026 losses at $26.5 million, making March's figure a 96% month-over-month increase.
#PeckShieldAlert In March 2026, the crypto space saw 20 major hacks totaling $52M - a 96% MoM surge from February ($26.5M). But the real damage lies in the "Shadow Contagion".#Tophacks:
— PeckShieldAlert (@PeckShieldAlert) April 1, 2026
- @ResolvLabs ($USR) De-peg: An AWS KMS breach enabled an 80M USR "infinite mint" (~$25M... pic.twitter.com/huohE79th6
Source: @PeckShieldAlert on X
PeckShield also referenced what it called "Shadow Contagion," suggesting the real damage extended beyond the directly tallied losses. However, the firm did not publish a separate methodology or quantified breakdown for that framing in the sourced post.
The $52 million aggregate and the 20-incident count both originate from PeckShield's own classification. No standalone monthly report page was located to independently corroborate the March-versus-February comparison, so the figures are best treated as PeckShield's tally rather than an independently reconstructed dataset.
The Resolv USR Exploit Drove the Bulk of March's Losses
The largest single contributor to the monthly spike was the March 22 exploit of Resolv Labs, the protocol behind the USR stablecoin. CertiK's incident analysis estimated roughly $26.8 million in losses from the attack, meaning this one event accounted for more than half of PeckShield's March total.
The exploit did not stem from a smart contract vulnerability. CertiK reported that attackers compromised Resolv's AWS Key Management Service, gaining access to the SERVICE_ROLE used to authorize USR minting. This is an off-chain infrastructure failure, not an on-chain logic bug.
Chainalysis traced the attack mechanics in detail. The attacker used roughly $100,000 to $200,000 in USDC deposits to mint approximately 80 million unbacked USR and extracted an estimated $25 million in ETH before Resolv halted operations.
The over-minting crashed USR from its $1 peg to $0.03, a collapse of more than 97%. The depeg triggered a chain reaction: Lista DAO and Re7 Labs both paused pools exposed to USR. The incident underscores the type of stablecoin safeguard concerns that regulators have increasingly flagged.
Resolv's official site confirmed the team was investigating unauthorized minting of USR but stated that the collateral pool remained fully intact with no underlying assets lost. Decrypt reported that about $9 million in USR had been burned to reduce impact, and that the protocol paused all functions while working with law enforcement and on-chain analytics firms.
What the Data Confirms and What Remains Unclear
The sourced evidence firmly establishes three things. First, PeckShield counted 20 major hacks in March totaling $52 million. Second, the Resolv exploit on March 22 was the single largest incident, with independent estimates from CertiK and Chainalysis converging around $25 million to $26.8 million in losses. Third, the attack vector was compromised cloud key infrastructure, not a flaw in on-chain contract logic.
What remains less clear is the composition of the other roughly $25 million in March losses. PeckShield's post did not include the full incident list or its criteria for classifying a hack as "major." Without that breakdown, readers should treat the aggregate as an attributed figure rather than an independently verifiable sum.
The Resolv case fits a pattern that security analysts have highlighted throughout early 2026: the growing importance of off-chain key management as a failure point in otherwise audited protocols. Even as institutional crypto activity expands, the infrastructure securing protocol admin keys has not kept pace.
The broader market backdrop reinforces the cautious mood. The Fear and Greed Index sat at 8 on April 1, deep in "Extreme Fear" territory, with security coverage clustering heavily around the Resolv exploit as March's defining incident.
For DeFi protocols, the lesson from Resolv is specific: an audit of smart contract code does not cover the cloud infrastructure holding the keys that control those contracts. Until key management receives the same scrutiny as on-chain logic, exploits rooted in off-chain service roles will continue to represent a systemic blind spot.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.