What changed

Twenty crypto exploits hit the market in March 2026, producing roughly $52 million in stolen funds and spotlighting how thefts can cascade into lending books, not just wallets. (Reporting tracking the month’s incidents and losses is here: https://cryptopotato.com/report-crypto-hacks-rose-96-in-march-as-losses-hit-52m/.)

What the episode exposed

Two episodes in particular showed the mechanics of that cascade. The ResolvLabs breach produced about $25 million in direct losses and — critically — created bad debt across multiple lenders, with reported knock-on effects at Euler, Morphoblue and Fluid. That chain illustrates a single exploit turning into protocol-level credit shortfalls rather than a contained asset theft. A contemporaneous security observer also used the phrase "shadow contagion" to describe these linkages; that term appears unique to PeckShield’s post and is not widely used across other security analyses: https://x.com/PeckShieldAlert/status/2039198453012787514?s=20

Separately, a manipulation of the Venus Protocol enabled roughly $15 million in borrow capacity for the attacker and later left about $2.18 million in bad debt. The Venus episode is instructive because the exploit exploited borrowing mechanics to convert stolen or mispriced collateral into levered positions that lenders ultimately absorbed: https://dev.to/ohmygod/the-venus-protocol-donation-attack-how-a-compound-forks-getcashprior-let-an-attacker-bypass-1ggc

What this means for collateral operations

These incidents make a simple but operationally consequential point: recovery and loss reporting that focus on the initial theft miss where most protocol counterparty risk accumulates. When attackers route proceeds into on-chain borrowing or when exploited valuations cross into lending contracts, the loss migrates onto protocol balance sheets as bad debt rather than remaining as an off-chain claim against an exploiter.

That distinction matters for collateral workflows. Lenders and liquidators face two separate problems after a hack: (1) tracking and limiting attacker access to borrow capacity, and (2) recognizing when stolen or inflated collateral will end up as unrecoverable receivables on the ledger. The March episodes show both problems can happen quickly and at scale.

What this changed for collateral markets

March’s spike in exploits — and the $52 million total hit — tightened the connection between custody events and lending impairment. Two confirmed outcomes from the month are directly relevant to collateral managers: the ResolvLabs breach generated bad debt across Euler, Morphoblue and Fluid, and the Venus exploit produced roughly $2.18 million of bad debt after enabling about $15 million of borrowing. Those are concrete instances where market theft translated into measurable lending losses.

Assetify’s view: the practical lesson is narrow and immediate. These incidents reveal that protocol risk modelling must treat successful exploits as potential sources of on‑chain credit losses, not merely as asset disappearance. For collateral markets, that means pricing counterparty exposure with the assumption that attackers can and will route proceeds into borrowable positions, creating bad debt that must be absorbed by lenders or governance mechanisms.

The March run of hacks did not invent a new failure mode, but it did make clear which failure mode is most costly: theft that flows into borrowing and then into protocol balance sheets. That is the loss vector collateral operations and lending protocols need to reckon with now.