Crypto Exploit Losses Plummet 97% in March
Market breathes sigh of relief as attacks cool, but phishing threat looms
Crypto hacks eased significantly last month.
March saw $28.8 million stolen through exploits — down 97% from February's $1.5 billion bloodbath.
Numbers can lie, though. More than 90% of the February total was accounted for by just the $1.4-billion Bybit hack, the largest one ever in crypto.
The hackers haven't gone away — they've just changed tactics.
This is what happened in March:
Abracadabra.Money lost $13 million when a clever hacker exploited a smart contract flaw to repeatedly borrow without repaying.
Zoth saw $8.4 million vanish after their deployer wallet was compromised on March 21.
1inch suffered a $5 million hit but recovered 90% by negotiating with their attacker.
While blockchain security firms celebrate these "improved" figures, they're missing half the story.
On-chain detective ZachXBT estimates at least $46 million disappeared through unreported phishing scams in March — attacks that never make it into the official tallies because they exploit humans rather than code.
Australian police issued warnings about a wave of sophisticated fake exchange messages designed to harvest wallet phrases. This is not the first time.
Perhaps the most fascinating development was 1inch's successful recovery strategy — they offered their attacker a 10% bounty (about $500,000) to return the stolen funds. And it worked.
Abracadabra.Money upped the game with a 20% bounty after their attack, though their hacker has yet to respond.
Q1 Post-mortem
Step back from March's relative calm, and Q1 2025 still looks grim.
Total damage: $1.63 billion (PeckShield)
Year-on-year increase: 131% from Q1 2024 ($706 million)
January losses: $87 million
February spike: $1.5 billion (primarily Bybit)
March: $28.8 million (plus those unreported phishing losses)
The quarter's volatility isn't just reflected in token prices — it's written in the security incident logs too.
ETH has struggled to break resistance at $2,000 since the Abracadabra attack embezzled 6,260 ETH. A stable Q2 security landscape could provide the confidence boost needed to push beyond this psychological barrier.
The March security improvement feels nice — like a cooling breeze after February's inferno.
Yet caution is warranted.
We've spent years (and billions) hardening smart contracts, only to watch users hand over their keys through screenshot attachments and fake support chat links. All that bulletproof code means nothing if we're willingly giving away the passwords.
The next frontier isn't code — it's us.
Until the industry takes user education as seriously as it takes auditing, we'll keep seeing this pattern: declining "official" exploit numbers while phishing losses silently balloon.