Cyber Incident Victim: Resolv
Date:
Mar 2026
Location:
—
Summary
An exploit on the yield protocol Resolv resulted in the loss of approximately twenty‑five million dollars in digital assets. The incident occurred amid a surge of AI‑assisted attacks that have lowered the cost and increased the speed of finding and exploiting vulnerabilities, contributing to broader crypto losses that exceeded one billion dollars over the past year.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A week before the Solana-based decentralized finance protocol Drift was exploited in the week of April 5 2026, attackers targeted the yield protocol Resolv and drained $25 million worth of digital assets. The Drift exploit itself resulted in losses of $285 million and was described as one of the most severe attacks of the year so far. The Resolv incident contributed to the broader trend of crypto thefts, with DefiLlama reporting that over $1.4 billion in assets were stolen or lost across the industry during the preceding twelve months. These figures place the Resolv attack within a period of heightened activity in blockchain-related security breaches.
Ledger's chief technology officer Charles Guillemet linked the increase in successful attacks to the growing use of artificial intelligence, stating that AI tools make finding vulnerabilities and exploiting them really easy and have driven the cost down to zero. He noted that tasks which once required skilled researchers months to complete, such as reverse engineering software or chaining exploits, can now be accomplished in seconds with the appropriate prompts. Guillemet warned that for cryptocurrency protocols, where code often controls large pools of funds, this shift raises the stakes and demands perfection from development teams. He also pointed out that the proliferation of AI-generated code could spread vulnerabilities faster, as there is no automated 'make it secure' button to guarantee safety.
Guillemet suggested that stronger security measures such as formal verification using mathematical proofs and hardware-based solutions like hardware wallets, which isolate private keys from internet-connected devices, are necessary to counter the evolving threat landscape. He described how modern malware can scan compromised phones for wallet seed phrases, enabling attackers to drain funds without any user interaction. For average cryptocurrency users, he advised that they should assume systems can and will fail and that they cannot trust most of the systems they use. Guillemet further observed that this environment could lead more users toward cold storage, stronger operational security, and keeping sensitive data offline, while also noting that risks extend beyond software to include physical attacks targeting crypto holders, and that a divide may emerge where critical protocols invest heavily in security while much of the broader software ecosystem struggles to keep pace.