Resolv and IoTeX Take Measures to Compensate Users as DeFi Vulnerabilities Push 2026 Losses Beyond $137 Million

• The Anatomy of Recent DeFi Exploits
• Compensation Mechanisms Under Strain
• The AI Threat Dimension Emerges
• Industry Response and Path Forward
• FAQs

In a dramatic escalation of DeFi security concerns, 2026 has already seen over $137 million lost to exploits, with Resolv and IoTeX emerging as major casualties. The incidents highlight growing systemic risks in decentralized finance, compounded by emerging threats like AI-assisted attacks. While compensation efforts are underway, the scale of losses raises tough questions about DeFi's security maturity.

The Anatomy of Recent DeFi Exploits

The crypto world woke up to alarming news on February 21, 2026 when IoTeX's cross-chain bridge was compromised, forcing the platform to launch a live claims portal offering 100% compensation to affected users. Resolv's crisis proved more complex - a compromised private key allowed attackers to mint 80 million USR tokens, with the protocol scrambling to contain the damage just 48 hours after detection. According to blockchain security firm Halborn, these incidents represent four of February's major crypto attacks now entering resolution phases.

What makes 2026 particularly concerning is the acceleration of losses. Data from CipherResearchx shows $137 million lost across 15 incidents in just three months, dwarfing comparable periods in previous years. Notable exploits include Step Finance ($27.3M), Truebit ($26.2M), Resolv ($25M+), and SwapNet ($13.4M). The Morpho lending network reported 15 of its 500 vaults had significant exposure, though CEO Paul Frambot emphasized their "prime vaults" remained secure.

Compensation Mechanisms Under Strain

IoTeX moved swiftly with its compensation portal, while Resolv's situation remains fluid. The protocol destroyed 9 million attacker-held tokens and maintains a $141 million guarantee fund, though only $500,000 in refunds were processed pre-suspension. Fluid Loans secured emergency funding from Cyber Fund's Lom Lomashuk and Core team members to cover bad debt, with investors reportedly interested in treasury tokens if additional funds become necessary.

Risk management firm Gauntlet continues negotiating solutions with Resolv, having already zeroed out deposits and limits for certain Morpho vaults. Their X statement reassured users: "Gauntlet USD Alpha has no exposure to USR or RLP positions. Vaults on our platform remain unaffected with no impact to capital providers."

The AI Threat Dimension Emerges

February 2026 marked a disturbing milestone when Moonwell lost $1.78 million in what security auditor Pashov identified as the first AI-assisted DeFi exploit. Attackers Leveraged Claude Opus 4.6 to craft malicious pull requests, signaling a dangerous new frontier in crypto security. As Immunefi data shows, while 2025's first quarter saw $1.64 billion in crypto losses overall, DeFi-specific losses are accelerating alarmingly in 2026.

The BTCC research team notes: "We're seeing threat vectors evolve faster than security practices can adapt. The combination of human ingenuity and AI capabilities creates unprecedented challenges for protocol developers."

Industry Response and Path Forward

Despite the grim statistics, the crisis has fostered remarkable collaboration. Frambot praised Re7 Labs, Steakhouse Financial, and kpk for their crisis support, while Fluid's team demonstrated how personal commitments can backstop systemic risks. Resolv has pledged to cover all pre-exploit USR positions and enable necessary refunds.

As compensation mechanisms strain under the weight of mounting claims, the industry faces tough questions about long-term sustainability. With AI now entering the attacker's toolkit and losses piling up faster than ever, 2026 may become a watershed year for DeFi security overhauls.

FAQs

What protocols were affected by Resolv's failure?

The security breach impacted multiple DeFi platforms that had accepted USR and related tokens as collateral, forcing them to declare exposures and notify users about fund safety. Morpho reported about 15 of its 500 vaults had significant exposure to affected markets.

Has AI made DeFi harder to protect?

February 2026 saw Moonwell lose $1.78 million in what some observers called the first AI-coded DeFi exploit, where project pull requests showed confirmations co-written by Claude Opus 4.6. This represents a dangerous new attack vector combining human and artificial intelligence.

How does 2026 compare to previous years?

While the broader crypto sector saw $1.64 billion in Q1 2025 losses, DeFi-specific losses are accelerating alarmingly in 2026, having already surpassed 2025's first quarter totals with $137 million lost across just 15 incidents.