Written by: SlowMist Security Team

Overview

In November 2024, the total loss from Web3 security incidents was approximately $86.24 million. Of this, according to the SlowMist Blockchain Hacked Archive (https://hacked.slowmist.io), 21 hacking incidents resulted in losses of about $76.86 million, of which $25.5 million was returned. The causes of these incidents included contract vulnerabilities, account compromises, and price manipulation, among others. Additionally, according to the Web3 anti-fraud platform Scam Sniffer, there were 9,208 phishing victims this month, with losses amounting to $9.38 million.

(https://dune.com/scam-sniffer/november-scam-sniffer-2024-phishing-report)

Major Security Events

MetaWin

On November 4, 2024, on-chain detective ZachXBT flagged a suspected attack on the crypto gambling platform MetaWin, with more than $4 million stolen on the Ethereum and Solana chains. According to MetaWin CEO Skel, the attackers infiltrated MetaWin's hot wallet through the platform's frictionless withdrawal system.

DeltaPrime

On November 11, 2024, the DeFi protocol DeltaPrime was attacked on Avalanche and Arbitrum, with DeltaPrime initially estimating losses of $4.75 million. The root cause of this attack was the lack of input validation in the reward claiming function.

(https://x.com/DeltaPrimeDefi/status/1855899502944903195)

Thala

On November 15, 2024, the Aptos-based DeFi project Thala was attacked, resulting in $25.5 million being stolen, with attackers exploiting a vulnerability in its smart contract. The project team suspended the relevant smart contracts and froze some tokens, eventually successfully freezing about $11.5 million in assets. After cooperating with law enforcement and several blockchain security teams, the project team successfully negotiated to recover the assets and allowed the attackers to keep $300,000 as a bounty.

(https://x.com/thalalabs/status/1857703541089120541?s=46&t=bcMyidYO0QkS5ajIW9CBdg)

DEXX

On November 16, 2024, funds belonging to multiple users of the on-chain trading terminal DEXX were stolen. According to the SlowMist security team, the loss from this incident has reached $21 million. The SlowMist security team is currently assisting DEXX officials and partners with ongoing analysis. On November 28, the SlowMist security team announced that it had collected 8,612 attacker addresses on the Solana chain related to DEXX; attacker addresses on the EVM chain will also be released once data cleaning and statistics are completed.

(https://x.com/MistTrack_io/status/1862134946090881368)

Polter Finance

On November 17, 2024, the Fantom-based DeFi project Polter Finance was attacked, resulting in losses of approximately $12 million. The attackers exhausted the BOO token reserves through flash loans, artificially inflating the calculated price of BOO. This allowed them to borrow tokens far exceeding the actual value of the collateral, resulting in significant profits. The platform's founder stated that they have filed a report with the Singapore authorities and attempted to contact the attackers via on-chain messages to negotiate the return of funds but have not received a response.

(https://x.com/polterfinance/status/1857971122043551898)
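The failure mode described for Polter Finance, as a simplified model added here for illustration (not code from Polter Finance or SlowMist): collateral valued at the price implied by current pool reserves, next to a variant that checks that price against a time-weighted average. The pool sizes, loan-to-value ratio, 5% deviation band and the TWAP guard itself are assumptions; the page does not say which mitigation the project adopted.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    reserve_token: float  # collateral token held by the pool (BOO in the incident)
    reserve_quote: float  # quote asset paired against it

    def spot_price(self) -> float:
        # Price read straight from current reserves; it moves as soon as reserves move.
        return self.reserve_quote / self.reserve_token


def twap(observations):
    """Time-weighted average over (price, seconds_held) samples."""
    total_seconds = sum(seconds for _, seconds in observations)
    return sum(price * seconds for price, seconds in observations) / total_seconds


def max_borrow_naive(pool, collateral, ltv):
    # Weak form: collateral is valued at whatever the reserves imply right now.
    return collateral * pool.spot_price() * ltv


def max_borrow_guarded(pool, collateral, ltv, observations, max_deviation=0.05):
    # Hardened form: refuse to price collateral when spot has left the TWAP band,
    # and otherwise value it at the lower of the two prices.
    reference = twap(observations)
    spot = pool.spot_price()
    if abs(spot - reference) / reference > max_deviation:
        raise ValueError("spot price outside TWAP band; collateral not priced")
    return collateral * min(spot, reference) * ltv


# Constructed sample data, not figures from the incident.
HISTORY = [(1.0, 600), (1.03125, 600), (0.96875, 600)]
NORMAL = Pool(reserve_token=1_000_000, reserve_quote=1_000_000)
DRAINED = Pool(reserve_token=1_000, reserve_quote=1_000_000)  # reserves emptied mid-transaction

if __name__ == "__main__":
    print(max_borrow_naive(NORMAL, 10_000, 0.5))
    print(max_borrow_naive(DRAINED, 10_000, 0.5))
    print(max_borrow_guarded(NORMAL, 10_000, 0.5, HISTORY))
    try:
        max_borrow_guarded(DRAINED, 10_000, 0.5, HISTORY)
    except ValueError as err:
        print("rejected:", err)
```

With the same 10,000 units of collateral, the naive limit grows a thousandfold when the token reserve is drained, while the guarded variant rejects the request.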

Feature Analysis and Security Recommendations

The number of security incidents and the scale of losses this month decreased significantly compared to last month, reflecting to some extent the industry's ongoing improvement in security measures. Notably, contract vulnerabilities accounted for the highest proportion both in the distribution of attack causes and in the scale of losses. The 7 contract vulnerability exploitation incidents that occurred this month caused losses of approximately $30 million, accounting for 39% of the total losses. The SlowMist security team recommends that project teams remain vigilant, conduct comprehensive security audits regularly, and track and address new security threats and vulnerabilities to protect project and asset security.

Furthermore, the SlowMist security team noted that this month there were real attacks targeting the crypto industry through AI poisoning. This indicates that the target range of supply chain attacks is expanding further. Some developers, in pursuit of efficiency, may rely too heavily on AI-generated code while neglecting to review its security. The SlowMist security team therefore reminds developers and project teams not to blindly trust the output when using AI to generate code. All code should undergo strict security audits and testing before actual use to prevent security risks and protect the project's and users' assets. Meanwhile, project teams should strengthen the overall security management of the supply chain, conduct comprehensive assessments of third-party tools and services, and continuously monitor security developments in relevant fields to respond promptly to new threats.

Finally, the events recorded in this article are the main security incidents of the month; more blockchain security incidents can be viewed in the SlowMist Blockchain Hacked Archive (https://hacked.slowmist.io/).