Advertise
- Zafar Naik
Zafar Naik
- Reviewed by:
Nidhi KolhapurNidhi is a Certified Digital Marketing Executive and Passionate crypto Journalist covering the world of alternative currencies. She shares the latest and trending news on Cryptocurrency and Blockchain.
- Mar 31, 2026 13:29 UTC
-
CertiK’s March Report Reveals Biggest Crypto Threats as Kraken User Loses $18.2M
A Kraken user just lost $18.2M to a social engineering attack, with stolen funds actively moving via THORChain.
CertiK's March report confirms $59.5M lost across the month with just $21,912 recovered.
Q1 2026 closed with $501M in crypto losses across 145 incidents, and social engineering is increasingly the attack of choice.
CertiK’s March 2026 security report confirms $59,509,931 lost to exploits, phishing, and scams – with just $21,912 returned. That is a recovery rate of 0.04%.
Wallet compromise led all categories at $26,846,293, followed closely by phishing at $21,408,097. Together the two account for over 80% of March’s total losses. By attack type, DeFi protocols suffered the most at $32.8M, followed by social engineering at $18M.
The single largest exploit was Resolv, which lost $26,846,293 to a wallet compromise.
Q1 2026 Closed With $501M Across 145 Incidents
Zooming out, Q1 2026 closed with $501M in confirmed losses across 145 incidents per CertiK. That figure represents a significant drop from Q1 2025’s $1.67B, though the comparison requires context. Last year’s total was heavily distorted by the $1.4B Bybit hack.
Excluding that single incident, the quarter-on-quarter improvement looks considerably less reassuring.
Also Read: Bitcoin Monthly Close: 5 Months In the Red, But Bulls Are Watching THIS Signal
The Hack That Closed the Quarter
As the report dropped, a live incident was already unfolding. An unknown Kraken user lost $18.2M in a suspected social engineering attack, with the threat actor bridging stolen funds from Ethereum to Bitcoin via THORChain. The incident was flagged by on-chain investigator ZachXBT.
The Kraken victim was not compromised through a technical exploit. According to ZachXBT, the attacker used social engineering to manipulate the user into surrendering access to their funds.
THORChain and the Biggest Thefts of 2026
The Kraken attacker is routing stolen funds through THORChain, the decentralised cross-chain protocol that has appeared repeatedly as the laundering route of choice in major 2026 thefts. THORChain is permissionless by design, which means there is no mechanism to freeze or intercept funds once they are in motion.
Social engineering has replaced code exploits as the dominant attack vector in 2026. The Kraken incident is a direct illustration of that shift.
Never Miss a Beat in the Crypto World!
Stay ahead with breaking news, expert analysis, and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs, and more.
FAQs
Users should enable hardware wallets, multi-factor authentication, and verify all communications to prevent social engineering and unauthorized access.
As social engineering overtakes technical exploits, investors may face higher personal risk, increasing demand for user education and security-focused services.
Individual users and smaller DeFi participants are most at risk, as attackers exploit human error rather than weaknesses in blockchain code.
Trust with CoinPedia:
CoinPedia has been delivering accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by our expert panel of analysts and journalists, following strict Editorial Guidelines based on E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness). Every article is fact-checked against reputable sources to ensure accuracy, transparency, and reliability. Our review policy guarantees unbiased evaluations when recommending exchanges, platforms, or tools. We strive to provide timely updates about everything crypto & blockchain, right from startups to industry majors.
Investment Disclaimer:
All opinions and insights shared represent the author's own views on current market conditions. Please do your own research before making investment decisions. Neither the writer nor the publication assumes responsibility for your financial choices.
Sponsored and Advertisements:
Sponsored content and affiliate links may appear on our site. Advertisements are marked clearly, and our editorial content remains entirely independent from our ad partners.
Yes 
No 
