Damages from crypto project hacks totaled $349 million in November
The method of attack on most of the platforms is still unidentified
04.12.2023 - 08:18
289
4 min
0
What’s new? According to SlowMist, a blockchain audit company, the damage from hacker attacks on crypto projects amounted to $349 million in November. Of that, 15,8% was due to liquidity pool exploits, 7,5% to API key leaks, and 4,2% to instant loan and market manipulation attacks, but the nature of most of the incidents remains unknown.
November’s biggest attacks. During the month, 47 incidents were recorded, in particular, the following projects were affected:
- On November 1, the Onyx lending DeFi protocol lost 1165 ETH worth $2,1 million. Hackers manipulated interest rates to borrow more funds and launch an attack, then transferred the funds to the Tornado Cash crypto mixer, which has been under US sanctions since last August.
- On November 6, the staking contract of the cross-chain fundraising platform TrustPad was attacked. A hacker exploited a vulnerability to repeatedly call the staking rewards function and then withdrew $155 000.
- On November 7, TheStandard.io, the DeFi protocol for stablecoin lending, lost $290 000. The attacker took advantage of low liquidity in the PAXG pool to manipulate the market. In this, he returned $265 000 to the project on November 9.
- On November 8, 1238 ETH worth $2,5 million was withdrawn from the hot wallet of the Australian crypto exchange CoinSpot, the alleged reason being a private key leak.
- On November 11, an attack on the Raft protocol on the Ethereum network resulted in the release of 6,7 million stablecoins R and the loss of $3,3 million in ETH. The reason was the vulnerability of the coin issuance mechanism.
- On November 14, a hacker hacked into the Exzo network administrator’s wallet and assigned his address the right to manage the XZO native coin contract. He then issued a large volume of XZO and withdrew 169 ETH worth $310 000 from the XZO/ETH liquidity pool on the Uniswap exchange.
- On November 18, the dYdX exchange was forced to allocate $9 million from its insurance fund to cover liquidations of user positions in the YFI token, whose marketplace, according to management, was under a targeted attack.
- On November 19, market maker Kronos Research lost 13 007 ETH worth $26 million due to a leak of API keys and was forced to suspend trading, which in turn crippled the WOO exchange. Kronos was WOO’s main liquidity provider, and the trading suspension led to the liquidation of exchange users’ positions, but the damage has already been compensated to them.
- On November 10 and 22, the Poloniex and HTX exchanges and the Heco cross-chain protocol, led by Justin Sun, lost over $243 million in two attacks, with SlowMist not specifying a possible reason for the hacks. Sun’s team is also investigating and has already announced an airdrop among users of both exchanges following the full resumption of trading.
HTX and Poloniex to conduct airdrop after hack worth more than $210 million
The event will be timed to coincide with the full resumption of deposit and withdrawal functions
- On November 23, the KyberSwap exchange lost $54,7 million due to a vulnerability in the token exchange mechanism. In the course of negotiations, the attacker refused remuneration in exchange for the return of most of the funds and demanded to give him control over the project. He said he would buy out management’s stakes in the company, double employee salaries and pay 50% to liquidity providers, but the holders of native tokens would be left with nothing as a result of their depreciation.
“It is also more than you deserve.” KyberSwap hacker demands to transfer complete control over the protocol to him
In this case, he promised to buy out the shares of the executives and double the salaries of the employees
Separately, the analysts also mentioned fraud cases. During the month, they recorded 24 schemes realized by the Rug Pull method, when developers stole all investors’ funds. Most of the incidents occurred on the networks of Binance Smart Chain and Ethereum.
Useful material?
Incidents
The company conducted fictitious trading for six years to inflate the trading volume of tokens of several companies, receiving payment for these services
Nov 1, 2024
Market
1,5 million addresses have already left applications
Oct 31, 2024
Business
The company began investing in bitcoin in 2020, and since then, the value of its securities has risen by 1700%
Oct 30, 2024
Mining
The Deputy Energy Minister explained that in deficit regions, it is impossible to allocate large capacities for industry enterprises until 2030
Oct 30, 2024
Market
Customers will also be able to withdraw funds to bank accounts using cards
Oct 30, 2024
Mining
Blockware noted increased investor interest in this type of asset due to inflation concerns
Oct 29, 2024