SlowMist Releases November Security Incident Report: 21 Hacks Resulting in $76.86 Million in Losses

In November 2024, a total of 21 hacking incidents occurred, resulting in approximately $76.86 million in losses, with $25.5 million recovered. The causes included contract vulnerabilities, account hacks, and price manipulation. Additionally, there were 9,208 phishing victims this month, with losses amounting to $9.38 million.

Major Security Incidents in November

MetaWin

On November 4, 2024, blockchain investigator ZachXBT reported that crypto gambling platform MetaWin was hacked, resulting in over $4 million stolen on Ethereum and Solana chains. According to MetaWin CEO Skel, the attackers exploited the platform‘s frictionless withdrawal system to breach MetaWin’s hot wallet.

DeltaPrime

On November 11, 2024, DeFi protocol DeltaPrime was attacked on Avalanche and Arbitrum, with an estimated loss of $4.75 million. The root cause of the attack was the lack of input validation in the reward claim function.

Thala

On November 15, 2024, Aptos-based DeFi project Thala was hacked, resulting in $25.5 million in losses. The attackers exploited a vulnerability in the projects smart contract. The team halted affected smart contracts and froze approximately $11.5 million in assets. After working with law enforcement and blockchain security teams, the project recovered a significant portion of the stolen funds, allowing the attacker to keep $300,000 as a bounty.

DEXX

On November 16, 2024, several users of the DEXX on-chain trading terminal reported stolen funds. According to SlowMist security team statistics, the losses amounted to $21 million. SlowMist is assisting DEXX and its partners in ongoing investigations. On November 28, SlowMist released data identifying 8,612 attacker addresses on the Solana chain, with attacker addresses on EVM chains to be disclosed after further analysis.

Polter Finance

On November 17, 2024, Fantom-based DeFi project Polter Finance was hacked, incurring losses of approximately $12 million. The attacker exploited a flash loan to deplete BOO token reserves, artificially inflating its price. This allowed them to borrow tokens far exceeding the collateral‘s actual value, profiting massively. The platform’s founder stated that they had filed a report with Singaporean authorities and reached out to the attacker via on-chain messages for negotiation, but no response has been received.

AI Poisoning Attacks Alert

While the number of security incidents and associated losses decreased compared to the previous month, the SlowMist security team observed genuine AI poisoning attacks targeting the crypto industry. Developers, in their pursuit of efficiency, may have overly relied on AI-generated code without adequately auditing its security.