Author: SlowMist Security Team

Overview

In November 2024, the total loss from Web3 security incidents was approximately $86.24 million. Of this, according to the SlowMist Blockchain Hacked Archive (https://hacked.slowmist.io), 21 hacking incidents resulted in losses of about $76.86 million, of which $25.5 million was returned. The causes of these incidents included contract vulnerabilities, account hacks, and price manipulation, among others. Additionally, according to the Web3 anti-fraud platform Scam Sniffer, phishing incidents claimed 9,208 victims this month, with total losses reaching $9.38 million.

(https://dune.com/scam-sniffer/november-scam-sniffer-2024-phishing-report)

Major Security Events

MetaWin

On November 4, 2024, according to on-chain detective ZachXBT's monitoring, the crypto gambling platform MetaWin was suspected to have been attacked, with over $4 million stolen on the Ethereum and Solana chains. According to MetaWin CEO Skel, the attacker infiltrated MetaWin's hot wallet through the platform's frictionless withdrawal system.

DeltaPrime

On November 11, 2024, the DeFi protocol DeltaPrime was attacked on Avalanche and Arbitrum, with DeltaPrime initially estimating losses at $4.75 million. The fundamental cause of the attack was the lack of input validation in the reward claiming function.

(https://x.com/DeltaPrimeDefi/status/1855899502944903195)

Thala

On November 15, 2024, the Aptos-based DeFi project Thala was attacked, resulting in the theft of $25.5 million, with the attacker exploiting vulnerabilities in its smart contracts. The project team suspended the relevant smart contracts and froze some tokens, ultimately freezing approximately $11.5 million in assets. After cooperating with law enforcement and several blockchain security teams, the project team successfully negotiated the recovery of the assets, allowing the attacker to keep $300,000 as a bounty.

(https://x.com/thalalabs/status/1857703541089120541?s=46&t=bcMyidYO0QkS5ajIW9CBdg)

DEXX

On November 16, 2024, funds belonging to multiple users of the on-chain trading terminal DEXX were stolen. According to the SlowMist security team, the loss from this incident has reached $21 million. Currently, the SlowMist security team is assisting DEXX officials and partners in ongoing analysis. On November 28, the SlowMist security team announced that they had collected 8,612 DEXX attacker addresses on the Solana chain, and that the attacker addresses on EVM chains will also be made public once data cleaning and statistics are complete.

(https://x.com/MistTrack_io/status/1862134946090881368)

Polter Finance

On November 17, 2024, the Fantom-based DeFi project Polter Finance was attacked, with losses of approximately $12 million. The attacker exhausted the token reserves of BOO through flash loans, artificially inflating the calculated price of BOO. This allowed them to borrow tokens far exceeding the actual value of the collateral, thereby generating huge profits. The platform's founder stated that they have submitted a report to Singapore authorities and attempted to contact the attacker through on-chain messages to negotiate the return of funds, but have not yet received a response.

(https://x.com/polterfinance/status/1857971122043551898)
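The price effect described in the Polter Finance incident, as an added example (not code from Polter Finance or SlowMist): a simplified model that assumes collateral is priced from the spot reserves of a constant-product pool. All numbers are constructed, and `guarded_price` is a hypothetical check against a time-weighted reference price.

```python
# Simplified model (assumption): collateral is priced from the spot reserves of a
# constant-product pool (x * y = k, no fees). All figures below are constructed.
from dataclasses import dataclass

@dataclass
class Pool:
    token: float   # reserve of the collateral token (BOO in the incident)
    quote: float   # reserve of the quote asset

    def spot_price(self) -> float:
        """Price of one collateral token in quote units, read straight from reserves."""
        return self.quote / self.token

    def swap_out(self, amount_out: float) -> None:
        """A swap that takes `amount_out` collateral tokens out while keeping x * y = k."""
        k = self.token * self.quote
        self.token -= amount_out
        self.quote = k / self.token

def twap(samples: list[tuple[float, float]]) -> float:
    """Time-weighted average over (duration_seconds, price) samples."""
    total = sum(d for d, _ in samples)
    return sum(d * p for d, p in samples) / total

def max_borrow(collateral: float, price: float, ltv: float = 0.5) -> float:
    """Borrow limit a lending market would grant for `collateral` at `price`."""
    return collateral * price * ltv

def guarded_price(spot: float, reference: float, max_dev: float = 0.10) -> float:
    """Hypothetical guard: refuse to price collateral when spot strays from the reference."""
    if abs(spot - reference) / reference > max_dev:
        raise ValueError(f"spot {spot:.2f} deviates from reference {reference:.2f}")
    return spot

def demo():
    pool = Pool(token=1_000_000.0, quote=1_000_000.0)
    history = [(1800, 1.00), (1800, 1.02)]      # constructed prices for the past hour
    before = max_borrow(1_000, pool.spot_price())
    pool.swap_out(990_000.0)                    # reserves nearly emptied in one transaction
    after = max_borrow(1_000, pool.spot_price())
    reference = twap(history)
    try:
        guarded_price(pool.spot_price(), reference)
        rejected = False
    except ValueError:
        rejected = True                         # the guard blocks the inflated valuation
    return before, after, reference, rejected
```

With the unguarded spot price, the same 1,000 tokens of collateral go from a borrow limit of 500 to 5,000,000 quote units; the time-weighted reference barely moves, so the deviation check rejects the valuation.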

Feature Analysis and Security Recommendations

The number of security incidents and the scale of losses this month have significantly decreased compared to last month, a change that somewhat reflects the industry's continuous improvement in security measures. Notably, whether viewed from the distribution of attack causes or the scale of losses incurred, contract vulnerabilities accounted for the highest proportion. The seven contract vulnerability exploitation incidents this month caused losses of about $30 million, accounting for 39% of the total losses. The SlowMist security team advises project teams to remain vigilant and regularly conduct comprehensive security audits, track and address new security threats and vulnerabilities, and protect project and asset security.

In addition, the SlowMist security team noted that this month there were real attack cases involving AI poisoning targeting the crypto industry. This phenomenon indicates that the scope of supply chain attacks is further expanding. Some developers, in pursuit of efficiency, may rely too heavily on AI-generated code while neglecting to review its security. Therefore, the SlowMist security team reminds developers and project teams never to blindly trust the output when using AI-generated code. All code should undergo strict security auditing and testing before being put into actual use to prevent security risks and protect the project's and users' asset safety. Meanwhile, project teams should also strengthen the overall security management of the supply chain, conduct comprehensive evaluations of third-party tools and services, and continuously monitor security developments in related fields to respond promptly to new threats.