November Web3 Exploits Cause $363 Million Loss

The overall damage inflicted by rug pulls is probably even more extensive, considering the exit scams reported by other cybersecurity firms, including SlowMist and PeckShield.

CertiK claims November has become "the most damaging month this year."

Blockchain security firm CertiK has released its monthly statistics on confirmed Web3 incidents, and the figures are concerning. The total damage surged by over 1,100%, escalating from $32 million to nearly $363 million. CertiK identifies November as a month marked by the most substantial losses this year.

All three categories of incidents monitored by cybersecurity teams (exploits, flash loan attacks, and rug pulls) contributed to significantly higher financial damage in November compared to the previous month.

November exploits

According to CertiK, exploiters targeting security vulnerabilities in blockchain projects successfully stole $316.4 million in November. Notably, only September witnessed a greater loss caused by exploits, reaching $329.8 million.

The most significant impact was observed on cryptocurrency exchanges associated with TRON's founder, Justin Sun. Poloniex endured a $131.4 million theft, while HTX (formerly Huobi) and Heco Bridge experienced losses of $113.3 million.

CertiK's November cybersecurity statistics
Source: CertiK, X

The Poloniex attack on November 10 saw the hacker make a crucial error, transferring $2.6 million worth of stolen crypto to the contract address.

In the second incident on November 22, the attacker exploited the bridge operator's privileges, withdrawing a substantial amount of assets totaling approximately $87 million. The affected cryptocurrencies included ETH, USDT, HBTC, SHIBA INU, UNI, USDC, LINK, and TUSD. Concurrently, HTX hot wallets on Ethereum exhibited suspicious movements, resulting in a loss of $13.6 million, involving ETH, USDT, USDC, LINK, ARIX, and KOK. Additionally, potentially malicious transfers impacting TRON amounted to $12.6 million.


Other significant incidents highlighted by CertiK include KyberSwap ($45 million), Phishing Victim 0xa8D ($27.1 million), and Kronos Research ($24.7 million).

The KyberSwap hack was executed through a flash loan attack, making it the most substantial flash loan attack in November. While other major flash loan attacks impacted The Standard, AI Space, Grok, and 9419/3913, their combined total damage was only a fraction of the overall monthly losses attributed to this type of exploit, which amounted to nearly $45.5 million.

Interestingly, in the KyberSwap hack, the hacker's motives extended beyond financial gain. According to an on-chain message sent to the KyberSwap team yesterday, the malicious actor is actively seeking complete control of the entire Kyber company. This includes temporary full authority over KyberDAO, access to sensitive information, and the surrender of all Kyber company assets, both on-chain and off-chain.

Exit scams in November

CertiK's monthly exit scam statistics diverge from incidents reported by other cybersecurity firms.

CertiK's team specifically identifies four exit scams, including SAI Pro, along with To The Moon ($291,621), Battle Riyale Token ($83,716), and FCL ($17,012). However, other cybersecurity teams reported numerous other rug pull incidents that happened last month.

For example, PeckShield detected an exit scam involving DOR on November 22, resulting in a loss of over $285,000. Additionally, SlowMist identified at least fourteen rug pulls executed within a single week between November 5 and November 11, including the following exit scams among others:

  • DarkProtocol (DARK);
  • GigaDAO (GIGS);
  • TrustPad (TPAD);
  • Web (WEB);
  • Creso (CRE);
  • IPMB;
  • DigiFund (DFUND);
  • PAPABEAR (PAPA).


According to SlowMist, these projects were allegedly engaged in exit scams, where liquidity withdrawal by deployers resulted in price collapses, totaling over $3 million within a single week.

As mentioned earlier, CertiK's statistics for rug pulls likely only include cases confirmed by the team.

CertiK estimates that the total yearly losses have surpassed $1.722 billion so far.