Blockchain security incidents increased in November, with losses due to hacker attacks reaching $203 million
Noneage monthly security incident highlights have begun! According to statistics from some blockchain security risk monitoring platforms, in November 2024, the amount of losses from various security incidents increased compared to October. More than 30 typical security incidents occurred in November, and the total loss amount caused by hacker attacks, phishing scams and rug pulls reached 203 million US dollars, an increase of about 38% from October, and 25.2 million US dollars were returned.
Hacker attack
10 typical security incidents
(1) On November 11, MetaScout detected a flash loan attack on the Ethereum stablecoin protocol Raft, which resulted in 6.7 million stablecoins $R being minted and the protocol losing $3.6 million. The root cause was a precision calculation problem when minting share tokens, which hackers exploited to obtain additional share tokens.
(2) On November 12, the blockchain-based lending platform Delta Prime suffered its second attack in two months. According to the latest estimates, nearly $5 million in crypto assets have been transferred. Shortly before that, Delta Prime suffered an attack of approximately $6 million in mid-September when an administrator of the protocol lost control of his private key, resulting in losses of more than $10 million for the protocol.
(3) On November 14, the vETH project was attacked. Based on the attack behavior, it is speculated that the cause of this incident was that the associated contract 0x62f2…a1b5 recently deployed by the vETH project had a price manipulation vulnerability, which caused the vETH contract to conduct abnormal price lending behavior. The current cumulative loss is approximately US$450,000.
(4) On November 15, the Aptos ecosystem DeFi project Thala suffered a security vulnerability attack in its latest V1 liquidity pool contract, resulting in the theft of assets worth US$25.5 million. Thala has currently suspended all related contracts and frozen Thala token assets (US$9 million MOD and US$2.5 million THL). With the assistance of other institutions, it has reached an agreement with the attacker to restore all user assets through a US$300,000 bounty.
(5) On November 18, the Zero Hour Technology project team monitored an attack on BNB Smart Chain. The project attacked was BTB. The cause of this vulnerability was that the project party used an outdated price oracle when completing the exchange of BTB to BUSD, which allowed the attacker to easily manipulate the price of BTB. First, they bought a large amount of BTB, raised the price of BTB, and then sold it, and finally completed arbitrage. This attack caused a total loss of about USD 5,000. For a detailed attack analysis, please click this link: https://mp.weixin.qq.com/s/fAAL7MzU5hU995ouCPz2yw
(6) On November 19, Polter Finance suffered a $12 million flash loan hacker attack. It is currently investigating the stolen funds related to the Binance wallet and has proposed negotiations with the attacker. On November 17, Polter Finance suspended platform operations after discovering the vulnerability and notified investors on X. The protocol investigated the stolen funds and traced them to a wallet on the cryptocurrency exchange Binance.
(7) On November 19, the on-chain trading terminal DEXX released an update on the previous security incident: “DEXX has officially filed a lawsuit, and the SlowMist team is actively assisting law enforcement agencies in subsequent investigations. At the same time, DEXX is actively discussing a compensation plan. According to previous news, according to SlowMist statistics, the DEXX incident has identified more than 900 victims, with a total loss estimated at US$21 million.
(8) On November 20, according to the monitoring of SlowMist Security Team, BSCGem (BSCGem) on BSC was suspected to have been attacked, resulting in a loss of approximately US$17,300.
(9) On November 25, the Zero Hour Technology Security Team detected an attack on BNB Smart Chain. The project attacked was DCF. The cause of this vulnerability was that the project wrote incorrect logic when implementing the transfer function of DCF. As a result, the attacker destroyed the DCF in the pair after transferring it to the swap pair, which made it easy to manipulate the price of DCF and finally complete arbitrage. This attack caused a total loss of approximately USD 440,000. For a detailed attack analysis, please click this link: https://mp.weixin.qq.com/s/NkMjMEmtoffwkH_ZzfMxig
(10) On November 29, according to the monitoring of the on-chain security monitoring agency BitJungle, the hacker address that had stolen the private key of DeFi blogger “Mining Penguin” showed abnormal changes after being silent for one year and ten months. The hacker has converted 4 million DAI into ETH, of which 900 ETH have entered the mixer, and the remaining ETH remains in the hacker’s address. It is reported that the “Mining Penguin” suffered a private key theft on January 14, 2023, and the stolen assets were worth about US$7.9 million at the time.
Rug Pull / Phishing Scam
4 Typical Security Incidents
(1) On November 15, the address starting with 0x916d was phished, resulting in a loss of 211 stETH (654,042 USD).
(2) On November 16, $FET worth $341,103 was stolen 1 hour ago after the victim signed the malicious “permit2” phishing signature. The victim was an address starting with 0xcc5.
(3) On November 22, Twitter user @r_cky0 revealed that when he used ChatGPT to generate code to develop a blockchain automatic trading robot, a backdoor was hidden in the code recommended by GPT, which sent the private key to a phishing website, resulting in a loss of about $2,500.
(4) On November 30, the address starting with 0x0140 lost 4.25 WBTC (410,096 USD) after signing the “license” phishing signature.
Summarize
This month, losses due to phishing scams accounted for 64.8% of the total losses, totaling about $131 million.
Noneage’s security team recommends that project owners remain vigilant and reminds users to beware of phishing attacks. It is recommended that users fully understand the background and team of the project before participating in the project and carefully choose investment projects. In addition, internal security training and authority management should be carried out, and professional security companies should be found to conduct audits and conduct project background checks before the project goes online.
