Losses to crypto hacks, scams, and exploits dropped sharply in March, falling to $28.8 million after February’s total surged to over $1.5 billion, largely due to the Bybit hack. The decline follows the recovery of stolen funds from a major March incident involving decentralized exchange aggregator 1inch.
CertiK, a blockchain security firm, confirmed that although more than $33 million was lost in March, the successful return of $4.8 million from the 1inch Resolver exploit reduced the net figure. The firm noted, “Figures exclude the reported ~$32 million theft from a Coinbase user.”
Abracadabra.money, known as MySpell, accounted for the largest single exploit. On March 25, the protocol lost $12.9 million in a smart contract exploit. According to CertiK’s March 27 report, “The attacker was able to borrow funds, liquidate themselves, then borrow funds again without repaying them.” The vulnerability stemmed from the liquidation process failing to overwrite records, allowing the attacker to use the same collateral repeatedly.
In response, the project offered a 20% bounty—double the industry standard—to incentivize the return of the funds. As of CertiK’s update, no confirmation has been provided on whether the funds have been recovered.
The second largest incident involved the Zoth protocol, which suffered a $8.5 million loss after its deployer wallet was compromised. Other targeted projects included WKeyDAO, Sir.Trading, Envelop, and meme coin Nootcoin, with losses ranging from $700,000 to $100,000.
DeFi Remains the Primary Target
Decentralized finance (DeFi) platforms made up over 80 percent of the total value stolen in March. CertiK reported $27.1 million in losses from DeFi protocols, followed by NFT-related losses of $737,321, bridge protocols at $279,453, meme coins at $210,150, and deflationary tokens at $138,189.
Code vulnerabilities were the most exploited technical weakness, resulting in $14.4 million in confirmed losses. Wallet compromises followed, accounting for $8.85 million. Access control flaws were responsible for $5.47 million in losses, while phishing attacks accounted for approximately $4.5 million.
Phishing losses rose from $1.9 million in February to levels near January’s $3.8 million. CertiK stated that the March phishing losses equaled about $4.5 million, with some incidents involving fake crypto exchange messages and wallet recovery scams. On March 21, Australian federal police notified 130 people about a scam that used spoofed sender IDs of known exchanges.
CertiK also highlighted reports from blockchain investigator ZachXBT, who claimed a Coinbase user lost 400 Bitcoin—worth roughly $34 million—in a phishing attack. ZachXBT estimated that phishing scams may have led to more than $46 million in losses in March alone. These figures were not included in CertiK’s final tally.
Flash loan attacks remained at zero in March, unchanged from February—a rare consistency in an otherwise volatile month dominated by phishing, code exploits, and wallet compromises.
