Key Insights
- In March, the crypto industry recorded only $28.8 million in losses to Crypto Scams and exploits.
- This is a significant drop from the $1.5 billion Loss recorded in February, driven by the Bybit Hack.
- Code vulnerabilities and Wallet compromises accounted for over 70% of the total amount lost in March.
In March, losses accrued by the Crypto industry through scams and exploits dropped to $28.8 million, down from $1.5 billion in February.
Certik Alert’s monthly report revealed that Code vulnerabilities were the leading cause of losses, accounting for an $18 million deficit.
Wallet compromises came in second place, accounting for $8 million in losses. The Certik report contains a comprehensive breakdown of various exploits and the network on which they occurred. It also detailed the type of scam and attack, grouping them into categories.
$13 Million Loss on Abracadabra
The largest exploit for the month occurred on March 25, leading to a $13 million loss.
The exploit included a smart contract exploit of the decentralized lending protocol Abracadabra. Certik explained the modus operandi of the hackers involved in the heist in March. 27 report.
“The attacker was able to borrow funds, liquidate themselves, then borrow funds again without repaying them.”
“This was due to the liquidation process not overwriting records in RouterOrder that counted as collateral, allowing the exploiter to falsely borrow additional funds after liquidation,” CertiK said.
The Protocol team of the affected network offered a 20% bounty to recover the stolen funds.
$8.4 Million Loss on Zoth
Zoth, a real-world asset (RWA) restaking protocol on Ethereum, lost approximately $8.4 million in a security breach on March 21, 2025.
The attack stemmed from a compromised deployer wallet, which allowed the attacker to gain unauthorized control over the protocol’s systems.
Specifically, the hacker upgraded a proxy contract called “USD0PPSubVaultUpgradeable” to a malicious version they created. This upgrade, linked to a suspicious address, happened 30 minutes before blockchain security firm Cyvers Alerts detected the exploit.
Once in control, the attacker withdrew $8.4 million in Zoth’s USD0++ stablecoin, swapped it for 8.3 million DAI (another stablecoin), and transferred the funds to an external address. Some reports indicate the stolen assets were later converted into Ether (ETH).
The $8.4 million loss on Zoth was March’s second-most significant hack. The Zoth and Abracadabra hacks made up more than 70% of the total exploits in the industry last month.
Recoveries
Besides the $28.8 million loss in March, several recoveries were made, impacting the total monthly deficit.
Decentralized exchange aggregator 1inch recovered $5 million stolen from the exchange on March 5th, reducing the monthly deficit.
Popular Online Sleut Zach XBT revealed undocumented cases of losses by a client claiming to have lost 400 Bitcoins.
He said $46 million could have been lost to phishing scams targeted at crypto exchanges in March.
In February, Bybit suffered the biggest hack in crypto history, resulting in a $1.5 billion loss. Hacks and Exploits dropped significantly the following month with just a $28.8 million loss recorded.
