CertiK’s March Report Reveals Biggest Crypto Threats as Kraken User Loses $18.2M
The post CertiK’s March Report Reveals Biggest Crypto Threats as Kraken User Loses $18.2M appeared first on Coinpedia Fintech News
CertiK’s March 2026 security report confirms $59,509,931 lost to exploits, phishing, and scams – with just $21,912 returned. That is a recovery rate of 0.04%.
Wallet compromise led all categories at $26,846,293, followed closely by phishing at $21,408,097. Together the two account for over 80% of March’s total losses. By attack type, DeFi protocols suffered the most at $32.8M, followed by social engineering at $18M.
The single largest exploit was Resolv, which lost $26,846,293 to a wallet compromise.
Q1 2026 Closed With $501M Across 145 Incidents
Zooming out, Q1 2026 closed with $501M in confirmed losses across 145 incidents per CertiK. That figure represents a significant drop from Q1 2025’s $1.67B, though the comparison requires context. Last year’s total was heavily distorted by the $1.4B Bybit hack.
Excluding that single incident, the quarter-on-quarter improvement looks considerably less reassuring.
Also Read: Bitcoin Monthly Close: 5 Months In the Red, But Bulls Are Watching THIS Signal
The Hack That Closed the Quarter
As the report dropped, a live incident was already unfolding. An unknown Kraken user lost $18.2M in a suspected social engineering attack, with the threat actor bridging stolen funds from Ethereum to Bitcoin via THORChain. The incident was flagged by on-chain investigator ZachXBT.
The Kraken victim was not compromised through a technical exploit. According to ZachXBT, the attacker used social engineering to manipulate the user into surrendering access to their funds.
THORChain and the Biggest Thefts of 2026
The Kraken attacker is routing stolen funds through THORChain, the decentralised cross-chain protocol that has appeared repeatedly as the laundering route of choice in major 2026 thefts. THORChain is permissionless by design, which means there is no mechanism to freeze or intercept funds once they are in motion.
Social engineering has replaced code exploits as the dominant attack vector in 2026. The Kraken incident is a direct illustration of that shift.
Never Miss a Beat in the Crypto World!
Stay ahead with breaking news, expert analysis, and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs, and more.
Subscribe to News
FAQs
Users should enable hardware wallets, multi-factor authentication, and verify all communications to prevent social engineering and unauthorized access.
As social engineering overtakes technical exploits, investors may face higher personal risk, increasing demand for user education and security-focused services.
Individual users and smaller DeFi participants are most at risk, as attackers exploit human error rather than weaknesses in blockchain code.
You May Also Like
SBI VC Trade Launches Ripple’s RLUSD in Japan
Bitcoin & Ethereum Inflows Hit 1-Year Low as Crypto Investors Brace for Fed Decision – BTC Eyes $120K
