November has emerged as the second most significant month of the year in terms of lost funds, with a total of $369M.
The two most significant incidents were the Poloniex and HTX hacks, both incidents involving compromised private keys.
This confirms a trend we have been seeing for the whole year: a new wave of cybercriminals coming from traditional Web2 into the Web3 ecosystem who, instead of exploiting smart contracts, are using classic techniques such as 0-day exploits, DNS hijacks, SIM swaps, and many more to attack both centralized and decentralized projects and companies.
Lost funds in accordance to date: we can see two clear spikes:
– November 10: Poloniex hacked, due to compromised private keys, for $130M.
– November 22: HTX hacked, also due to compromised private keys, for $113M.
And then also three smaller but critical incidents:
– November 11: a Binance user account was hacked for $27M.
– November 19: Kronos research was hacked for $25M due to a price manipulation attack.
– November 23: Kyber Network hacked with a flash loan attack for $45M across Arbitrum, Avalanche, Optimism, Ethereum, Polygon, Base, and BSC.
Unveiling Attack Vectors Behind Major Funds Lost
$273M out of $369M were stolen due to compromised private keys. Second and third places for flash loan and price manipulation attacks. Even when the number of attacks related to private keys is less, the amounts are far larger than in the rest of the incidents.
Lost Funds by Network
The most affected network was Ethereum, with $248M, which is logical, given that it has the highest total value locked (TVL). Ethereum was followed by:
– Tron with $55M
– Arbitrum $20M
– Bitcoin $19M
– Optimism $15M
Attack Vectors
November was a month with lots of rug pulls. It’s interesting to note that our tool detected 22 of these 24 rug pulls before they happened.
We saw them using Blockfence’s Machine-learning Bytecode Analyzers and Proactive Web3 Mapping Knowledge Graph. Inside the category of exploited smart contracts, the most used technique was Price manipulation, with five victims: Standard.io, Raft Protocol, Builders NFTs, dYdX, and Kronos Research.
98% Detected by Blockfence
Based on the kind of attacks we are focused on, Blockfence detected 98.22% of them. We exclude incidents like compromised private keys or centralized exchange accounts that are not detectable in advance.
$369 Lost
With 369M, November has been the second most significant month in total funds lost, after June ($416M). To date, total funds lost in 2023 are $2.1 billion.