InvestMarketplaceEquityNews
CertiK's March Report Reveals Biggest Crypto Threats as Kraken User Loses $18.2M
Company Updates

CertiK's March Report Reveals Biggest Crypto Threats as Kraken User Loses $18.2M

Coinpedia - Fintech & Cryptocurreny News Media| Crypto Guide28d ago

Q1 2026 closed with $501M in crypto losses across 145 incidents, and social engineering is increasingly the attack of choice.

CertiK's March 2026 security report confirms $59,509,931 lost to exploits, phishing, and scams - with just $21,912 returned. That is a recovery rate of 0.04%.

Wallet compromise led all categories at $26,846,293, followed closely by phishing at $21,408,097. Together the two account for over 80% of March's total losses. By attack type, DeFi protocols suffered the most at $32.8M, followed by social engineering at $18M.

The single largest exploit was Resolv, which lost $26,846,293 to a wallet compromise.

Zooming out, Q1 2026 closed with $501M in confirmed losses across 145 incidents per CertiK. That figure represents a significant drop from Q1 2025's $1.67B, though the comparison requires context. Last year's total was heavily distorted by the $1.4B Bybit hack.

Excluding that single incident, the quarter-on-quarter improvement looks considerably less reassuring.

Also Read: Bitcoin Monthly Close: 5 Months In the Red, But Bulls Are Watching THIS Signal

As the report dropped, a live incident was already unfolding. An unknown Kraken user lost $18.2M in a suspected social engineering attack, with the threat actor bridging stolen funds from Ethereum to Bitcoin via THORChain. The incident was flagged by on-chain investigator ZachXBT.

The Kraken victim was not compromised through a technical exploit. According to ZachXBT, the attacker used social engineering to manipulate the user into surrendering access to their funds.

The Kraken attacker is routing stolen funds through THORChain, the decentralised cross-chain protocol that has appeared repeatedly as the laundering route of choice in major 2026 thefts. THORChain is permissionless by design, which means there is no mechanism to freeze or intercept funds once they are in motion.

Social engineering has replaced code exploits as the dominant attack vector in 2026. The Kraken incident is a direct illustration of that shift.

Originally published by Coinpedia - Fintech & Cryptocurreny News Media| Crypto Guide

Read original source →
Kraken