Overview

In November 2024, the total loss of Web3 security incidents was approximately US$86.24 million. Among them, according to statistics from the Slowmist Blockchain Hacked Archive (https://hacked.slowmist.io), a total of 21 hacking incidents occurred, resulting in losses of approximately US$76.86 million, of which US$25.5 million was returned. The reasons involved Contract loopholes, account hacking, price manipulation, etc. In addition, according to statistics from Web3 anti-fraud platform Scam Sniffer, there were 9,208 victims of phishing incidents this month, with losses reaching $9.38 million.

(https://dune.com/scam-sniffer/november-scam- sniffer-2024-phishing-report)

November 4, 2024 Today, according to on-chain detective ZachXBT According to monitoring, the encrypted gambling platform MetaWin is suspected of being attacked, and more than $4 million was stolen on the Ethereum and Solana chains. According to MetaWin CEO Skel, the attacker invaded MetaWin’s hot wallet through the platform’s frictionless withdrawal system.

On November 11, 2024, the DeFi protocol DeltaPrime was announced on Avalanche and Arbitrum As a result of the attack, DeltaPrime initially estimated losses at $4.75 million. The root cause of this attack was the lack of input verification in the reward claiming function.

(https://x.com/DeltaPrimeDefi/status/1855899502944903195) p>Thala

On November 15, 2024, Thala, a DeFi project based on Aptos, was attacked, resulting in the theft of $25.5 million. The attacker exploited vulnerabilities in its smart contracts. The project team suspended the relevant smart contracts and froze After cooperating with law enforcement and multiple blockchain security teams, the project team successfully negotiated the recovery of the assets and allowed the attacker to retain 30% of the tokens. Ten thousand US dollars as bounty

(https://x.com/thalalabs/ status/1857703541089120541?s=46&t=bcMyidYO0QkS5ajIW9CBdg)

2024 11 On March 16, the funds of multiple users of the on-chain trading terminal DEXX were stolen. According to statistics from the SlowMist security team, the loss in this incident has reached US$21 million. Currently, the SlowMist security team is assisting DEXX officials and partners. For analysis. On November 28, the SlowMist security team announced that it had collected 8,612 DEXX attacker addresses on the Solana chain, EVM The attacker's address on the chain will also be made public after the cleaning statistics are completed

(https ://x.com/MistTrack_io/status/1862134946090881368)

November 17, 2024, DeFi based on Fantom The project Polter Finance was attacked and lost approximately US$12 million. The attacker depleted BOO's token reserves through flash loans, artificially raising the calculated price of BOO, which enabled it to lend tokens that far exceeded the actual value of the collateral. , resulting in huge profits. The founders of the platform said they have submitted a report to the Singapore authorities and tried to contact the attackers through on-chain messages to negotiate the return of the funds, but have not yet received a response.

(https://x.com/polterfinance/status/1857971122043551898)

Feature analysis and security suggestions

The number of security incidents and the scale of losses this month have dropped significantly compared with the previous month. This change reflects, to a certain extent, the industry's continuous improvement of security protection measures. It is worth noting that contract vulnerabilities account for the highest proportion regardless of the distribution of attack causes or the scale of losses caused. The 7 contract vulnerability exploitation incidents that occurred this month caused losses of approximately US$30 million, accounting for 39% of the total losses. The SlowMist security team recommends that project parties always remain vigilant and conduct comprehensive security audits regularly to track and resolve new security issues. Threats and vulnerabilities to protect projects and assets.

In addition, the SlowMist security team noticed that a real case of AI poisoning attack targeting the Crypto industry occurred this month. This phenomenon shows that the target scope of supply chain attacks is further expanding. While pursuing efficiency, some developers may rely too much on AI-generated code and neglect to review code security. Therefore, the SlowMist security team reminds developers and project parties not to blindly trust the output results when using AI to generate code. All codes should undergo strict security audits and testing before being put into actual use to prevent security risks and protect the asset security of projects and users. At the same time, project parties should also strengthen the overall security management of the supply chain, conduct a comprehensive evaluation of third-party tools and services, and continue to pay attention to security trends in related fields to respond to new threats in a timely manner.