Author: SlowMist Security Team
Overview
In November 2024, the total loss from Web3 security incidents was approximately $86.24 million. Among these, according to the SlowMist Blockchain Hacking Archive (https://hacked.slowmist.io), there were 21 hacking incidents, resulting in losses of about $76.86 million, with $25.5 million returned. The causes of these incidents included contract vulnerabilities, account hacks, and price manipulation. Additionally, according to the Web3 anti-fraud platform Scam Sniffer, there were 9,208 victims of phishing incidents this month, with losses reaching $9.38 million.
(https://dune.com/scam-sniffer/november-scam-sniffer-2024-phishing-report)
Major Security Incidents
MetaWin
On November 4, 2024, according to on-chain investigator ZachXBT, the crypto gambling platform MetaWin was allegedly attacked, with over $4 million stolen on the Ethereum and Solana chains. According to MetaWin CEO Skel, the attacker infiltrated MetaWin's hot wallet through the platform's frictionless withdrawal system.
DeltaPrime
On November 11, 2024, the DeFi protocol DeltaPrime was attacked on Avalanche and Arbitrum, with DeltaPrime initially estimating losses at $4.75 million. The root cause of this attack was the lack of input validation in the reward claiming feature.
(https://x.com/DeltaPrimeDefi/status/1855899502944903195)
Thala
On November 15, 2024, the Aptos-based DeFi project Thala was attacked, resulting in $25.5 million being stolen, with the attacker exploiting a vulnerability in its smart contract. The project team suspended the relevant smart contracts and froze some tokens, ultimately freezing approximately $11.5 million in assets. After working with law enforcement and multiple blockchain security teams, the project team negotiated the recovery of the assets and allowed the attacker to retain $300,000 as a bounty.
(https://x.com/thalalabs/status/1857703541089120541?s=46&t=bcMyidYO0QkS5ajIW9CBdg)
DEXX
On November 16, 2024, multiple users' funds were stolen from the on-chain trading terminal DEXX. According to the SlowMist security team, the losses from this incident have reached $21 million. The SlowMist security team is currently assisting DEXX officials and partners with the ongoing analysis. On November 28, the SlowMist security team announced that it had collected 8,612 attacker addresses on the Solana chain related to DEXX; attacker addresses on the EVM chain will also be made public once data cleaning and statistics are complete.
(https://x.com/MistTrack_io/status/1862134946090881368)
Polter Finance
On November 17, 2024, the Fantom-based DeFi project Polter Finance was attacked, resulting in losses of approximately $12 million. The attacker drained the BOO token reserves through a flash loan, which artificially inflated the calculated price of BOO. This allowed them to borrow tokens far exceeding the actual value of the collateral and realize substantial profits. The platform's founder stated that the team has submitted a report to Singapore authorities and attempted to contact the attacker via on-chain messages to negotiate the return of funds, but has yet to receive a response.
(https://x.com/polterfinance/status/1857971122043551898)
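The collateral-valuation failure described above, as an added example that is not from the original report or from Polter Finance's code. It assumes a simplified pool whose BOO price is the ratio of its live reserves; the pool figures, the 50% loan-to-value ratio, and the 10% deviation guard against an averaged price are all constructed for illustration, and the guard is a generic mitigation rather than the project's actual fix.

```python
# Added illustration with constructed numbers; not Polter Finance's code.
from dataclasses import dataclass, field

LTV = 0.5             # assumed loan-to-value ratio
MAX_DEVIATION = 0.10  # assumed tolerance between live and averaged price

class PriceDeviation(Exception):
    """Raised when the live price strays too far from the averaged price."""

@dataclass
class Pool:
    boo: float     # BOO reserve
    quote: float   # quote-token reserve
    history: list = field(default_factory=list)  # prices from earlier blocks

    def spot_price(self) -> float:
        # Reads live reserves, so any in-transaction reserve change moves it
        return self.quote / self.boo

    def record(self) -> None:
        self.history.append(self.spot_price())

    def average_price(self) -> float:
        return sum(self.history) / len(self.history)

def borrow_limit_naive(pool: Pool, collateral_boo: float) -> float:
    # Weak form: values collateral at whatever the reserves say right now
    return collateral_boo * pool.spot_price() * LTV

def borrow_limit_guarded(pool: Pool, collateral_boo: float) -> float:
    # Hardened form: refuse to lend when the live price departs from the
    # average of earlier blocks, and never value above the lower of the two
    spot, avg = pool.spot_price(), pool.average_price()
    if abs(spot - avg) / avg > MAX_DEVIATION:
        raise PriceDeviation(f"spot {spot:.2f} vs average {avg:.2f}")
    return collateral_boo * min(spot, avg) * LTV

def demo():
    pool = Pool(boo=1_000_000, quote=1_000_000)  # constructed: 1 BOO = 1 unit
    for _ in range(5):
        pool.record()                            # five quiet blocks
    honest = borrow_limit_naive(pool, 1_000)
    pool.boo -= 999_000      # reserve drained inside a single transaction
    inflated = borrow_limit_naive(pool, 1_000)
    try:
        borrow_limit_guarded(pool, 1_000)
        blocked = False
    except PriceDeviation:
        blocked = True
    return honest, inflated, blocked
```

Calling demo() returns the borrow limit before the drain, the limit the naive valuation grants after it, and whether the guarded valuation refused the request.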
Feature Analysis and Security Recommendations
The number of security incidents and the scale of losses this month decreased significantly compared to last month, which to some extent reflects ongoing improvements in industry security measures. Notably, contract vulnerabilities accounted for the highest proportion in terms of both attack cause distribution and loss scale. The 7 contract exploitation incidents this month caused losses of approximately $30 million, accounting for 39% of total losses. The SlowMist security team advises project teams to remain vigilant and to conduct regular, comprehensive security audits so that new threats and vulnerabilities are tracked and addressed, protecting project and asset safety.
Additionally, the SlowMist security team noted that this month saw real cases of AI poisoning attacks targeting the crypto industry. This indicates that the target scope of supply chain attacks is expanding further. Some developers, in pursuit of efficiency, may rely too heavily on AI-generated code while neglecting to review its security. The SlowMist security team therefore reminds developers and project teams not to blindly trust the output when using AI to generate code. All code should undergo strict security audits and testing before actual use to prevent security risks and protect project and user asset safety. Project teams should also strengthen overall supply chain security management, conduct comprehensive evaluations of third-party tools and services, and continuously monitor security developments in related fields so that they can respond promptly to new threats.