Crypto Exploits, Scam Losses Fall to $28.8M in March After February Spike
Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.
Crypto exploit and scam losses in March dropped to a net total of $28.8 million after a February surge that reached $1.5 billion. The spike in February was largely due to the Bybit exploit.
In an April 1 post on X, blockchain security firm CertiK reported that although $33 million in funds were stolen throughout March, decentralized exchange aggregator 1inch recovered a significant portion of the $5 million lost in a March 5 exploit through a bug bounty agreement, reducing overall losses.
Combining all the incidents in March we’ve confirmed ~$28.8M lost to exploits, hacks and scams after ~$4.8m was returned in the 1inch Resolver incident.
~$4.5M of the total is attributed to phishing.
Figures exclude the reported ~$32m theft from a… pic.twitter.com/Q2BHujUJpk
— CertiK Alert (@CertiKAlert) March 31, 2025
March Exploits: Over $33M Stolen, Aggregator Recovers $5M
The CertiK report showed that code vulnerabilities accounted for more than $14 million of the losses, while wallet compromises led to over $8 million in thefts.
The most significant incident occurred on March 25 when a $13 million smart contract exploit targeted the decentralized lending protocol Abracadabra.
However, the DEX claims to have repaid over 50% of the losses in less than 36 hours.
In a blog post on March 27, CertiK also detailed how the attacker manipulated the liquidation process by exploiting a flaw in RouterOrder.
This vulnerability allowed the attacker to borrow funds, liquidate, and then borrow additional funds without repaying the initial amounts.
In response, the protocols team has increased the bounty for returning funds from the standard 10% to 20%. If accepted, the perpetrator would keep over $2.6 million out of the valued $12.9 million exploited. There have been no public updates on any returns so far.
Separately, Zoth suffered the second most significant breach of the month when an attacker accessed more than $8.4 million in crypto assets through a compromised deployer wallet.
The reported totals do not include an incident reported by crypto sleuth ZachXBT on his Telegram channel. He noted that an unknown Coinbase user lost 400 Bitcoin, worth an estimated $34 million at the time.
ZachXBT also warned that phishing scams spoofing crypto exchanges could have led to potential losses exceeding $46 million in March.
Growing Concerns About Crypto Scams
Phishing scams involve impersonating reputable organizations to deceive individuals into revealing sensitive data such as passwords, account details, or private keys.
Fraudulent emails or links direct users to counterfeit websites, exploiting crypto wallets’ single private key vulnerability and significantly raising the risk of irreversible fund loss.
According to data from the FTC, the severity of crypto phishing scams has led to losses of over $133 million since 2021.
These incidents continue to raise growing concerns within the crypto community about issues of scams and thefts in the industry.
Although some perpetrators of these scams and hacks are now being identified and charged, one such actor is Canadian Andean Medjedovic, who was accused of exploiting KyberSwap and Indexed Finance to steal $65M and launder funds.
Authorities and crypto bodies continue to provide guidance and advice to the public on how to avoid crypto scams, offering tips such as securing their devices with reliable software, verifying links through trusted sources, recognizing authentic branding, and closely inspecting hyperlinks for misdirection.
