DeFi Explosions: Resolv & IoTeX Scramble to Compensate Users as 2026 Losses Surge Past $137M

A stark warning is flashing across the decentralized finance sector as a fresh wave of exploits pushes total losses for 2026 beyond $137 million. The latest breach at protocol Resolv, following the IoTeX bridge hack, has triggered urgent compensation efforts and signals a chaotic first quarter marked by a potential 10% correction in broader DeFi token valuations. Resolv confirmed a compromised private key allowed an attacker to mint 80 million USR tokens, while IoTeX has now opened a live claims portal to fully reimburse users from its February 21 cross-chain bridge exploit—one of four major hacks this month identified by security firm Halborn.

Which protocols absorbed the Resolv fallout?

The Resolv breach affected a cluster of DeFi platforms that had accepted USR and related tokens as collateral, forcing them to declare their exposure and update their respective users on the safety of their funds.

Paul Frambot, co-founder and CEO of lending network Morpho, confirmed that approximately 15 of the network’s 500-plus vaults had non-negligible exposure to impacted markets.

“While affected vaults were specifically designed for higher-risk strategies with longer-tail collateral assets, every other vault without exposure, including lower-risk ‘prime vaults’, remained completely unaffected,” Frambot wrote.

He also praised curators Re7 Labs, Steakhouse Financial, and kpk, among others, for cross-supporting one another through the crisis.

Risk management firm Gauntlet stated that it is still discussing a resolution with Resolv and that it is working on a compensation plan for any remaining funds.

The platform stated on X, “Gauntlet USD Alpha has no exposure to USR nor RLP positions. Vaults on our platform are unaffected with no impact to capital suppliers.”

It also added that all deposits and caps have been reduced to zero for specific Morpho vaults.

Lending protocol Fluid announced that its team had secured short-term loans, backed by personal commitments from Lom Lomashuk of Cyber Fund, a contributor known as weremeow, and the Fluid core team itself, to cover 100% of bad debt currently in the protocol.

It added that the Resolv team confirmed that they will cover all USR positions that originated before the security incident and will also enable redemptions required to close those debt positions.

According to Fluid, multiple investors had expressed interest in purchasing its treasury tokens should further funds be required. It also reassured its users that its smart contracts are safe and operating as intended, writing on X, “All other markets continue to function normally, and protocol safeguards remain active. Users may see temporary rate volatility while positions are being unwound.”

Has AI made DeFi harder to secure?

The $137 million lost to DeFi exploits since January, as tallied by blockchain researcher CipherResearchx, places 2026 on a troubling trajectory. The figure covers 15 incidents, led by Step Finance ($27.3 million), Truebit ($26.2 million), Resolv (over $25 million), and SwapNet ($13.4 million).

For context, Q1 losses of over $1.64 billion and $336.3 million were recorded across the whole of crypto in 2025 and 2024, respectively, per Immunefi. However, DeFi losses in the first quarter of 2025 were around $106.8 million.

The 2026 DeFi-specific total, which is already higher than the exploits of Q1 2025, shows that exploits are accumulating at an increasing pace.

Also, there’s a new AI dimension to DeFi risk vectors.

In February, the lending protocol Moonwell lost $1.78 million as Security auditor Pashov stated that pull requests (PR) of the project show commits were co-authored by Claude Opus 4.6, making it what some observers described as the first significant DeFi exploit linked to vibe coding.

There’s a middle ground between leaving money in the bank and rolling the dice in crypto. Start with this free video on decentralized finance.