Overview

In November 2024, total losses from Web3 security incidents were approximately $86.24 million. Of these, the SlowMist Blockchain Hacked Archive (https://hacked.slowmist.io) recorded 21 hacking incidents, with losses of approximately $76.86 million, of which $25.5 million was recovered. The causes of these incidents included contract vulnerabilities, account hacks, and price manipulation. Additionally, according to the Web3 anti-fraud platform Scam Sniffer, phishing incidents claimed 9,208 victims this month, with losses totaling $9.38 million.

(https://dune.com/scam-sniffer/november-scam-sniffer-2024-phishing-report)

Major Security Incidents

MetaWin

On November 4, 2024, on-chain detective ZachXBT observed that the crypto gambling platform MetaWin appeared to have been attacked, with over $4 million stolen on the Ethereum and Solana chains. According to MetaWin CEO Skel, the attacker infiltrated MetaWin's hot wallet through the platform's frictionless withdrawal system.

DeltaPrime

On November 11, 2024, the DeFi protocol DeltaPrime was attacked on Avalanche and Arbitrum, with an initial estimated loss of $4.75 million. The root cause of this attack was the lack of input validation in the reward claiming function.

(https://x.com/DeltaPrimeDefi/status/1855899502944903195)

Thala

On November 15, 2024, the Aptos-based DeFi project Thala was attacked. The attacker exploited vulnerabilities in its smart contracts and stole $25.5 million. The project team paused the relevant smart contracts and froze part of the tokens, ultimately freezing approximately $11.5 million in assets. After cooperating with law enforcement and several blockchain security teams, the project team negotiated the recovery of the assets, allowing the attacker to keep $300,000 as a bounty.

(https://x.com/thalalabs/status/1857703541089120541?s=46&t=bcMyidYO0QkS5ajIW9CBdg)

DEXX

On November 16, 2024, funds belonging to multiple users of the on-chain trading terminal DEXX were stolen. According to statistics from the SlowMist security team, losses from this incident have reached $21 million. The SlowMist security team is currently assisting DEXX officials and partners with ongoing analysis. On November 28, the SlowMist security team announced that it had collected 8,612 DEXX attacker addresses on the Solana chain, and that attacker addresses on EVM chains will be disclosed once data cleaning and statistics are completed.

(https://x.com/MistTrack_io/status/1862134946090881368)

Polter Finance

On November 17, 2024, the Fantom-based DeFi project Polter Finance was attacked, resulting in a loss of approximately $12 million. The attacker used flash loans to exhaust the BOO token reserves, artificially inflating the calculated price of BOO. This allowed them to borrow tokens worth far more than the actual value of the collateral, yielding massive profits. The founder of the platform stated that they have submitted a report to the Singapore authorities and attempted to contact the attacker through on-chain messages to negotiate the return of funds, but have not yet received a response.

(https://x.com/polterfinance/status/1857971122043551898)
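
The pricing failure described for Polter Finance, shown as an added example that is not from the original report or from Polter Finance's code: a collateral price read from pool reserves at borrow time, next to a guard that compares it with a time-weighted reference. The constant-product pool model, all numbers, and the names `Pool`, `twap`, `max_borrow` and `guarded_price` are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Constant-product pair (assumed model): token reserve and quote reserve."""
    token: float
    quote: float

    def spot_price(self) -> float:
        # Price read directly from current reserves; it can move within one transaction.
        return self.quote / self.token

    def remove_token(self, amount: float) -> None:
        # Taking `amount` tokens out of the pool keeps token * quote constant.
        k = self.token * self.quote
        self.token -= amount
        self.quote = k / self.token


def twap(observations: list[tuple[int, float]]) -> float:
    """Time-weighted average of (timestamp, price) samples recorded in earlier blocks."""
    pairs = zip(observations, observations[1:])
    weighted = sum(p0 * (t1 - t0) for (t0, p0), (t1, _) in pairs)
    return weighted / (observations[-1][0] - observations[0][0])


def max_borrow(collateral: float, price: float, ltv: float = 0.5) -> float:
    """Borrow limit for `collateral` tokens valued at `price` (hypothetical 50% LTV)."""
    return collateral * price * ltv


def guarded_price(spot: float, reference: float, max_dev: float = 0.10) -> float:
    """Reject a valuation whose spot price strays more than max_dev from the reference."""
    if abs(spot - reference) / reference > max_dev:
        raise ValueError(f"spot {spot:.2f} deviates from reference {reference:.2f}")
    return min(spot, reference)  # value collateral at the more conservative price


def demo():
    pool = Pool(token=1_000_000.0, quote=1_000_000.0)               # constructed: 1.00 per token
    history = [(0, 1.00), (600, 1.02), (1200, 0.98), (1800, 1.00)]  # constructed samples
    ref = twap(history)
    naive_before = max_borrow(1_000, pool.spot_price())
    pool.remove_token(990_000.0)                   # reserves drained inside one transaction
    naive_after = max_borrow(1_000, pool.spot_price())  # unguarded limit is now inflated
    try:
        guarded_price(pool.spot_price(), ref)
        blocked = False
    except ValueError:
        blocked = True
    return naive_before, naive_after, ref, blocked
```

With these constructed values the unguarded borrow limit for the same collateral rises from 500 to 5,000,000, while the guarded valuation rejects the drained-pool price.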

Feature Analysis and Security Recommendations

The number of security incidents and the scale of losses this month decreased significantly compared to last month, reflecting the ongoing improvements in security measures within the industry. Notably, contract vulnerabilities accounted for the highest proportion both of attack causes and of losses incurred. This month, 7 incidents of contract exploitation resulted in losses of approximately $30 million, accounting for 39% of total losses. The SlowMist security team advises project teams to remain vigilant, conduct regular comprehensive security audits, and track and address new security threats and vulnerabilities in order to protect project and asset security.

Additionally, the SlowMist security team noted that this month there were real attack cases of AI poisoning targeting the crypto industry. This indicates that the range of targets for supply chain attacks is expanding further. Some developers, in pursuit of efficiency, may rely too heavily on AI-generated code and neglect to review its security. The SlowMist security team therefore reminds developers and project teams not to blindly trust the output when using AI-generated code. All code should undergo strict security audits and testing before practical use to prevent security risks and protect project and user assets. Meanwhile, project teams should strengthen the overall security management of their supply chain, conduct comprehensive evaluations of third-party tools and services, and continuously monitor security developments in related fields so they can respond promptly to new threats.

Finally, the events included in this article are the main security incidents of the month. More blockchain security incidents can be viewed in the SlowMist Blockchain Hacked Archive (https://hacked.slowmist.io/).