Shadow Contagion Strikes: Hackers Gobble Up $52M in March, Nearly Doubling February's Meager Snack

March 2026 came in like a lion and left like a pack of wolves with rug pulls. Hackers made off with over $52 million across 20 major incidents—a whopping 96% surge from February's $26.5 million pile-up. That February figure happened to be the lowest monthly loss in 11 months. Oops. Someone at PeckShield definitely just spit out their coffee.

The spike signals a return to elevated threat levels, and PeckShield is calling the real damage the 'Shadow Contagion.' Nothing says "we're totally in control of this situation" like naming the disaster after a spooky sci-fi phenomenon.

Resolv Labs took the crown as March's biggest victim. An attacker compromised the project's cloud infrastructure and accessed its AWS Key Management Service environment, enabling an 80 million USR token 'infinite mint.' By the end of the exploit, roughly $25 million in ETH had been extracted. USR crashed hard. Like, FDIC-would-be-concerned hard.

The fallout didn't stay contained. USR's collapse created bad debt across Fluid, Morpho Blue, and Euler Finance. It's almost like infinite minting tokens tends to have cascading effects on DeFi protocols that actually do math. Who knew?

But here's the scary part: physical and social engineering attacks are back with a vengeance. Pseudonymous trader Sillytuna lost $24 million in early March after attackers resorted to violence, weapons, and kidnapping threats. Meanwhile, a separate social engineering hit on a Kraken account holder drained approximately $18 million. Venus Protocol (XVS) closed out the month with $2.15 million in bad debt. Turns out, 2FA doesn't stop