$56M Stolen, 13 Exploits, 4 Supply Chain Attacks — March 2026 Was a Bloodbath for Web3 Security
March 2026 saw over $56 million drained across 13 on-chain exploits and 4 critical supply chain attacks targeting developers. From the $25M ResolvLabs minting catastrophe to North Korean npm malware and zero-click Python backdoors — here's the full breakdown.

- Coverage Period: March 1–31, 2026
- Total On-Chain Losses: ~$56,000,000+
- Security Events Tracked: 13
- Vulnerability Alerts Issued: 4
- Most Devastating Incident: ResolvLabs — $25M
- Emerging Threat: Developer toolchain supply chain poisoning
Key Takeaway
March 2026 delivered a clear message: attackers are now operating on two fronts simultaneously — exploiting DeFi protocol logic on-chain while poisoning the very tools developers use to build. The convergence of Web3 exploits and Web2 supply chain attacks marks a dangerous new chapter. No one — from protocols managing billions to solo developers running npm install — was safe.
By The Numbers: On-Chain Carnage
March saw 13 distinct security incidents across Ethereum, BSC, Polygon zkEVM, and HypeEVM, collectively draining over $56 million. Here's what happened:
| Date | Project | Loss | Attack Vector |
|---|---|---|---|
| Mar 2 | Inverse Finance | ~$240K | Price Manipulation |
| Mar 3 | UniswapV4 Router04 | ~$42K | Privilege Bypass (Inline Assembly) |
| Mar 5 | Inugami | ~$8.75K | Staking Logic Flaw |
| Mar 5 | sillytuna (Address Poisoning) | ~$24M | Address Poisoning |
| Mar 6 | Solv Protocol | ~$2.73M | Double-Minting (Reentrancy) |
| Mar 10 | Gondi | ~$230K | NFT Authorization Flaw |
| Mar 12 | DBXen | ~$150K | ERC-2771 Identity Confusion |
| Mar 12 | bonk.fun | $0 (Contained) | Domain Hijacking |
| Mar 16 | Venus Protocol | ~$3.7M | Low-Liquidity Collateral Manipulation |
| Mar 17 | dTRINITY | ~$257K | First-Deposit Inflation |
| Mar 18 | Keom Protocol | ~$94K | Redemption Logic Error |
| Mar 23 | ResolvLabs | ~$25M | Minting Logic Vulnerability |
| Mar 31 | InfinitySix | ~$270K | Oracle/TWAP Manipulation |
The Big Three: Incidents That Shook the Industry
1. ResolvLabs — $25M Evaporated in a Single Transaction
The largest exploit of the month. An attacker turned 200,000 USDC into 80 million $USR by exploiting a critical minting logic flaw. Because direct $USR liquidity was thin, the attacker laundered through $wstUSR staking pools and converted everything to ETH. The $USR stablecoin lost 80% of its peg within hours. The attacker's wallet still holds ~11,400 ETH and 20M $wstUSR.
Lesson: Minting functions are critical infrastructure. Rate limits, multi-sig governance, and circuit breakers on abnormal mint volumes are non-negotiable.
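The controls in that lesson, as an added example that is not ResolvLabs' or any protocol's code: a model of a mint function behind a per-transaction cap, a rolling-window cap, and a multi-signature unpause, so an abnormal mint halts the minter instead of going through. Caps, signer names, and timestamps are constructed.

```python
# Added example (not ResolvLabs' or any protocol's code): a mint function guarded
# by a per-transaction cap, a rolling-window cap and a multi-sig unpause, i.e. the
# circuit breaker the lesson above describes. All values below are constructed.
from collections import deque


class MintHalted(Exception):
    """Raised when a mint trips the breaker or the minter is already paused."""


class GuardedMinter:
    def __init__(self, window_seconds, window_cap, per_tx_cap, signers, threshold):
        self.window_seconds = window_seconds
        self.window_cap = window_cap          # max minted within any rolling window
        self.per_tx_cap = per_tx_cap          # max minted by a single call
        self.signers = set(signers)           # governance multi-sig members
        self.threshold = threshold            # approvals needed to resume minting
        self._recent = deque()                # (timestamp, amount) inside the window
        self._approvals = set()
        self.total_supply = 0
        self.paused = False

    def minted_in_window(self, now):
        # Drop entries that have aged out of the window, then sum what remains.
        while self._recent and self._recent[0][0] <= now - self.window_seconds:
            self._recent.popleft()
        return sum(amount for _, amount in self._recent)

    def mint(self, amount, now):
        if self.paused:
            raise MintHalted("minter is paused pending governance review")
        if amount > self.per_tx_cap:
            self.paused = True                # trip the breaker; nothing is minted
            raise MintHalted(f"mint of {amount} exceeds per-tx cap {self.per_tx_cap}")
        if self.minted_in_window(now) + amount > self.window_cap:
            self.paused = True
            raise MintHalted(f"mint of {amount} would exceed window cap {self.window_cap}")
        self._recent.append((now, amount))
        self.total_supply += amount
        return self.total_supply

    def approve_unpause(self, signer):
        """Record a signer's approval; resume only once the threshold is met."""
        if signer not in self.signers:
            raise PermissionError(f"{signer} is not a governance signer")
        self._approvals.add(signer)
        if len(self._approvals) >= self.threshold:
            self.paused = False
            self._approvals.clear()
            self._recent.clear()              # fresh window after a reviewed restart
        return not self.paused


if __name__ == "__main__":
    minter = GuardedMinter(window_seconds=3600, window_cap=1_000_000, per_tx_cap=250_000,
                           signers=["alice", "bob", "carol"], threshold=2)
    print(minter.mint(200_000, now=0))
    try:
        minter.mint(80_000_000, now=60)       # an abnormal mint is refused, not honoured
    except MintHalted as exc:
        print("halted:", exc)
```

The per-transaction cap catches a single oversized mint; the rolling window catches the same volume split across many small calls, which is why both are needed. Resuming requires a threshold of signers rather than any single key.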
2. sillytuna Address Poisoning — $24M Drained
A textbook address poisoning attack siphoned ~$24M in aEthUSDC from addresses linked to on-chain persona "sillytuna." The attacker began bridging funds to Arbitrum in small batches to obscure the trail. ~$20M in DAI was moved through intermediary wallets.
Lesson: Address poisoning continues to be one of the highest-ROI attack vectors. Wallet UIs must implement stronger address validation, and users must verify full addresses — not just the first and last characters.
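The wallet-side validation that lesson asks for, as an added example that is not any wallet's code: a recipient screen that compares the full address rather than its visible ends, and a scan of transaction history for counterparties that imitate an address-book entry (the zero-value "poison" transfers that seed a later mis-paste). All addresses and history entries are constructed. EIP-55 checksum verification is not included because it needs keccak-256, which Python's standard library does not provide.

```python
# Added example (not any wallet's code): full-address comparison against an
# address book and detection of lookalike counterparties in history. The
# addresses, labels and history entries below are constructed.
import re

HEX_ADDRESS = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Constructed addresses: a trusted one, a lookalike sharing its first and last
# four hex characters, and an unrelated one.
TRUSTED = "0x" + "1234" + "a" * 32 + "5678"
LOOKALIKE = "0x" + "1234" + "b" * 32 + "5678"
UNRELATED = "0x" + "9" * 40
ADDRESS_BOOK = {TRUSTED: "treasury"}

# Constructed history: a real transfer to the treasury, a zero-value transfer
# from the lookalike (the poisoning step), and an unrelated inbound transfer.
SAMPLE_HISTORY = [
    {"direction": "out", "counterparty": TRUSTED, "value": 1_000},
    {"direction": "in", "counterparty": LOOKALIKE, "value": 0},
    {"direction": "in", "counterparty": UNRELATED, "value": 50},
]


def normalize(address):
    """Reject anything that is not a 20-byte hex address; compare case-insensitively."""
    if not HEX_ADDRESS.match(address):
        raise ValueError(f"not a 20-byte hex address: {address!r}")
    return address.lower()


def looks_alike(trusted, candidate, prefix=4, suffix=4):
    """True if candidate copies trusted's visible ends but differs elsewhere."""
    t, c = normalize(trusted), normalize(candidate)
    if t == c:
        return False
    return t[2:2 + prefix] == c[2:2 + prefix] and t[-suffix:] == c[-suffix:]


def screen_recipient(address_book, recipient):
    """Return (allowed, reason) for a recipient the user is about to pay."""
    r = normalize(recipient)
    book = {normalize(a): label for a, label in address_book.items()}
    if r in book:
        return True, f"exact match for '{book[r]}'"
    for trusted, label in book.items():
        if looks_alike(trusted, r):
            return False, f"resembles '{label}' ({trusted}) but is a different address"
    return True, "not in address book; verify the full address out-of-band"


def poison_candidates(history, address_book):
    """History entries whose counterparty imitates an address-book entry."""
    return [
        entry for entry in history
        if any(looks_alike(trusted, entry["counterparty"]) for trusted in address_book)
    ]


if __name__ == "__main__":
    print(screen_recipient(ADDRESS_BOOK, LOOKALIKE))
    print(poison_candidates(SAMPLE_HISTORY, ADDRESS_BOOK))
```

A wallet UI would block the send on a `False` result and hide or label the flagged history entries, so that "copy the address from my last transaction" no longer picks up the lookalike.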
3. Venus Protocol — $3.7M via Low-Liquidity Collateral
The attacker deposited massive amounts of the low-liquidity $THE token as collateral, borrowed 20 BTC, 1.5M CAKE, and 200 BNB, then triggered cascading liquidations. A single user controlled over 60% of the collateral pool — a concentration risk that should have triggered automated safeguards.
Lesson: Lending protocols must enforce collateral concentration limits and real-time liquidity depth checks before accepting low-cap assets.
The Developer Front: Supply Chain Attacks Are Escalating
March's most alarming trend wasn't on-chain — it was in your node_modules and Python environments. Four critical supply chain attacks targeted the developer toolchain directly:
North Korean npm Campaign (FAMOUS CHOLLIMA)
The DPRK-linked threat group published 26 malicious npm packages (e.g., argonist, bcryptance, expressjs-lint) masquerading as legitimate utilities. The packages deployed RATs that harvested SSH keys, Git credentials, browser passwords, and clipboard data. C2 resolution used steganography via Pastebin. Risk: Critical.
LiteLLM — Zero-Click Python Backdoor
Threat actor TeamPCP compromised the upstream Trivy GitHub Action to steal LiteLLM's PyPI publishing token. The poisoned versions (1.82.7, 1.82.8) included a .pth file that executes automatically when any Python process starts — no import needed. The payload harvested SSH/cloud/K8s credentials, attempted Kubernetes container escapes, and installed a persistent systemd backdoor polling C2 every 50 minutes. Risk: Critical.
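A check a defender can run for the mechanism described above, as an added example that is not LiteLLM's or any project's code: `site.py` executes any line of a `.pth` file in site-packages that begins with `import`, so listing those lines across the interpreter's site directories surfaces startup hooks that no import statement ever reveals. Legitimate tooling (virtualenv, setuptools) also uses such lines, so hits are triage leads to review, not verdicts. The sample `.pth` contents the script writes to a temporary directory are constructed.

```python
# Added example (not LiteLLM's or any project's code): list every .pth line that
# the interpreter would execute at startup. The demo .pth files are constructed.
import os
import site
import tempfile


def pth_import_lines(pth_path):
    """Return (line_number, text) for each executable 'import' line in a .pth file."""
    findings = []
    with open(pth_path, encoding="utf-8", errors="replace") as fh:
        for lineno, raw in enumerate(fh, start=1):
            line = raw.strip()
            # site.addpackage() executes a line iff it starts with "import " or
            # "import\t"; every other line is a path entry or a comment.
            if line.startswith(("import ", "import\t")):
                findings.append((lineno, line))
    return findings


def audit_site_dirs(directories):
    """Map each .pth path under the given directories to its executable lines."""
    report = {}
    for directory in directories:
        if not os.path.isdir(directory):
            continue
        for name in sorted(os.listdir(directory)):
            if name.endswith(".pth"):
                path = os.path.join(directory, name)
                hits = pth_import_lines(path)
                if hits:
                    report[path] = hits
    return report


def default_site_dirs():
    """site-packages directories of the running interpreter plus the user site dir."""
    dirs = list(site.getsitepackages()) if hasattr(site, "getsitepackages") else []
    dirs.append(site.getusersitepackages())
    return dirs


def make_demo_dir():
    """Constructed fixture: one path-only .pth and one carrying an import line."""
    demo = tempfile.mkdtemp(prefix="pth-audit-")
    with open(os.path.join(demo, "vendor-paths.pth"), "w", encoding="utf-8") as fh:
        fh.write("/opt/vendor/lib\n# comment line, never executed\n")
    with open(os.path.join(demo, "startup-hook.pth"), "w", encoding="utf-8") as fh:
        fh.write("import subprocess  # constructed: runs at every interpreter start\n")
    return demo


if __name__ == "__main__":
    for path, hits in audit_site_dirs(default_site_dirs() + [make_demo_dir()]).items():
        for lineno, text in hits:
            print(f"{path}:{lineno}: {text}")
```

Run it once per interpreter and virtual environment on a build host and diff the output against a known-good baseline; a new `.pth` import line appearing after a dependency upgrade is exactly the signal this incident would have produced.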
Apifox Desktop — CDN Script Tampering
Apifox's CDN-hosted event tracking script was tampered with, turning the popular API development tool into a credential stealer. The payload targeted SSH keys, Git credentials, shell history, and Apifox project data. Exfiltration used Gzip + AES-256-GCM encryption to evade detection. Risk: Critical.
OpenAI Codex Desktop — Zero-Authorization RCE
A vulnerability discovered by DARKNAVY allowed remote code execution simply by opening a folder in OpenAI Codex. The exploit bypassed the Default Permission model entirely — no popups, no prompts, no user interaction required. Over 2 million developers were potentially affected. Risk: Critical.
Attack Vector Breakdown
The 17 incidents tracked in March reveal a diversifying threat landscape:
- Logic/Design Flaws: 5 incidents (Inugami, Solv, Keom, dTRINITY, ResolvLabs)
- Oracle/Price Manipulation: 3 incidents (Inverse Finance, Venus, InfinitySix)
- Supply Chain Poisoning: 3 incidents (FAMOUS CHOLLIMA npm, LiteLLM, Apifox)
- Social Engineering / Phishing: 2 incidents (Address Poisoning, bonk.fun Domain Hijack)
- Access Control Flaws: 2 incidents (UniswapV4 Router04, Gondi)
- Identity Confusion: 1 incident (DBXen ERC-2771)
- AI Toolchain Vulnerability: 1 incident (OpenAI Codex RCE)
Trends to Watch in Q2 2026
- Supply chain attacks are now a Web3 problem. Three of the four supply chain incidents this month directly targeted crypto/Web3 developer tooling. Expect this to intensify.
- Oracle manipulation isn't going away. Despite years of industry awareness, TWAP-based and low-liquidity oracle exploits remain profitable. Protocols continue to launch without adequate price feed validation.
- AI development tools are the new attack surface. The OpenAI Codex RCE demonstrates that AI coding assistants — tools that inherently require broad system access — are high-value targets. As adoption grows, so will exploitation.
- First-deposit/inflation attacks persist on forks. The dTRINITY incident is yet another Aave-fork falling to a well-known vulnerability pattern. Forked protocols must audit beyond the upstream codebase.
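The share accounting behind that pattern and its standard mitigation, as an added example that is not dTRINITY's, Aave's or any project's code: a model of vault share math in which a one-wei first deposit followed by a direct token donation rounds the next depositor down to zero shares under naive accounting, beside the virtual-offset rule used by OpenZeppelin's ERC-4626 implementation, under which the same sequence costs the donor more than it captures. Amounts and the `offset` parameter are constructed.

```python
# Added example (not dTRINITY's, Aave's or any project's code): vault share math
# under a naive rule and under a virtual-shares/decimals-offset rule. Amounts
# below are constructed.
WEI = 10**18


def to_shares(assets, total_assets, total_shares, offset):
    """Shares minted for a deposit, rounding down."""
    if offset is None:                                   # naive rule: first deposit is 1:1
        return assets if total_shares == 0 else assets * total_shares // total_assets
    # Virtual 10**offset shares and 1 virtual asset exist from the start, so a
    # donation before the second deposit is absorbed mostly by the virtual shares.
    return assets * (total_shares + 10**offset) // (total_assets + 1)


def to_assets(shares, total_assets, total_shares, offset):
    """Assets redeemable for shares, rounding down."""
    if offset is None:
        return 0 if total_shares == 0 else shares * total_assets // total_shares
    return shares * (total_assets + 1) // (total_shares + 10**offset)


class Vault:
    def __init__(self, offset=None):
        self.offset = offset
        self.total_assets = 0
        self.total_shares = 0
        self.balances = {}

    def deposit(self, who, assets):
        shares = to_shares(assets, self.total_assets, self.total_shares, self.offset)
        self.total_assets += assets
        self.total_shares += shares
        self.balances[who] = self.balances.get(who, 0) + shares
        return shares

    def donate(self, assets):
        # Tokens transferred straight to the vault contract, bypassing deposit():
        # total_assets rises without any shares being minted.
        self.total_assets += assets

    def redeemable(self, who):
        return to_assets(self.balances.get(who, 0), self.total_assets,
                         self.total_shares, self.offset)


def simulate(offset=None, donation=10_000 * WEI, victim_deposit=10_000 * WEI):
    """Constructed sequence: 1-wei first deposit, donation, then the victim's deposit."""
    vault = Vault(offset)
    vault.deposit("first", 1)
    vault.donate(donation)
    victim_shares = vault.deposit("victim", victim_deposit)
    return {
        "victim_shares": victim_shares,
        "victim_redeemable": vault.redeemable("victim"),
        "first_cost": 1 + donation,
        "first_redeemable": vault.redeemable("first"),
    }


if __name__ == "__main__":
    print("naive :", simulate())
    print("offset:", simulate(offset=6))
```

Under the naive rule the victim's shares round to zero and the first depositor redeems both deposits; with `offset=6` the victim keeps all but dust of the deposit and the donor recovers roughly half of what was put in. A fork that inherits the naive rule, or that removes the offset when "simplifying" the upstream code, reintroduces the pattern.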
AUTOSEC.DEV Solution: Building a 360-Degree Defense
To counter hybrid attacks involving "Web2 Breach + Web3 Monetization," AUTOSEC.DEV provides comprehensive protection from code to personnel:
- Team OPSEC (Operations Security) Audit & Hardening: We provide enterprise-grade security training and configuration for core Web3 team members. We assist teams in deploying security hardware and risk detection software to increase the difficulty of social engineering attacks, while auditing password management protocols and device security policies.
- End-to-End Incident Response (IR): In an emergency, every second of confusion amplifies the loss. AUTOSEC.DEV provides standardized SOPs (Standard Operating Procedures) and rapid response services tailored to specific business needs to help projects mitigate losses quickly.
Service Content
- AUTOSEC.DEV - Security Awareness Training
- AUTOSEC.DEV - Incident Response Service
- AUTOSEC.DEV - Security Strategy & Planning