Top 3 DeFi Incidents in March
Resolv Protocol: ~$80M
On March 22, 2026, Resolv suffered a security breach, resulting in $80M* in losses.
The root cause was compromised privileged infrastructure keys. Using the stolen key, the attacker abused a privileged swap-finalization flow and minted over 80M USR without equivalent collateral across three exploit transactions. While the root cause was straightforward, this incident revealed a broader lack of security controls, both on-chain and off-chain. The project enforced no strict validation during the minting approval, nor did it have monitoring strategies in place to detect and respond to the breach in time.
Notably, the impact extended far beyond the 80M in unauthorized USR minting. Because Resolv assets were widely used as collateral across multiple lending protocols, the depeg triggered broader contagion. As reported by Chaos Labs, on-chain curators using automated yield-seeking allocation lacked real-time risk controls and continued directing fresh capital into already impaired markets. What began as a localized exploit quickly escalated into a cross-protocol contagion event, leaving lending protocols with millions in bad debt.
*The loss is estimated based on USR’s pegged value of $1.
BitcoinReserveOffering: ~$2.7M
On March 5, 2026, the BitcoinReserveOffering contract on Ethereum was exploited for approximately $2.7M.
The root cause was a flawed business logic in the mint() function, which executed the minting logic twice when processing a full ERC-3525 SFT deposit. Because ERC-3525 inherits from ERC-721, safe transfers trigger an onERC721Received() callback. Inside the callback, the BRO token amount was calculated and minted to the caller. However, after the callback returned, the outer mint() resumed and performed a second minting operation, doubling the BRO issued per deposit. This allowed the attacker to inflate their BRO balance through repeated burn-and-mint cycles in an attack transaction.
To prevent similar issues, protocols should ensure asset accounting occurs exactly once per deposit operation, with state updates committed before any external call capable of triggering a callback. Additionally, invariant checks should be added to guarantee that minted amounts never exceed the underlying deposited value.
Venus Protocol: ~$2.15M
On March 15, 2026, Venus’s THE (Thena) market on BNB Chain suffered a donation attack combined with market manipulation. This incident resulted in approximately $2.15M in protocol bad debt, while the exploiter incurred a net on-chain loss of ~$4.7M.
Venus is a Compound V2 fork lending protocol. The affected market uses THE as its underlying assets, which have shallow on-chain liquidity. The donation attack was made possible because the market contract derives totalCash from the contract’s raw balance. This allowed the attacker to donate THE directly to the market, which increased totalCashand inflated the exchangeRate. With this inflated collateral, the attacker borrowed liquid assets, swapped them for more THE and raised THE’s market price. These obtained THE tokens were further donated into the market, continuously escalating the attack's impact.
This incident serves as a warning to the lending protocols on two fronts: accounting logic and risk configuration. Protocols should implement manipulation-resistant accounting mechanisms that accurately reflect asset values and cannot be skewed by donation attacks. Additionally, critical risk parameters such as supply caps, borrow caps, and LTV (Loan-to-Value) ratios must be carefully configured to limit protocol exposure.
For a detailed analysis, read our deep-dive post:
https://blocksec.com/blog/venus-thena-donation-attack
The information above is based on data as of 00:00 UTC, March 31, 2026.
This concludes the January security incidents brief. For more in-depth analysis of blockchain security incidents and Web3 security trends, you can explore our resources.
You can learn more in our Security Incidents Library.
Stay informed and stay secure!
