Gate Research Institute: Security Incident Summary for November 2024

Summary

  • In November 2024, the Web3 industry experienced a total of 21 security incidents, resulting in approximately $76.86 million in losses, a decrease from the previous month.
  • This month's security incidents centered on contract vulnerabilities, account hacking, and other attack methods.
  • Contract vulnerabilities remain the main threat, accounting for 39% of total losses.
  • The majority of security incidents this month were concentrated on Ethereum and Polygon.
  • Major fund losses this month include a $25.5 million loss from the Thala contract vulnerability, a $21 million loss from the DEXX private key leak, and a $12 million loss from the Polter Finance flash loan attack.

Security Event Overview

According to SlowMist data, there were a total of 21 hacking incidents in November 2024, resulting in a loss of approximately $76.86 million. This month's security incidents centered on contract vulnerabilities, account hacking, and various other attack methods. Both the number of incidents and the scale of losses decreased significantly compared to last month, reflecting, to some extent, the industry's continued improvement in security measures and security awareness. It is worth noting that contract vulnerabilities are still the main cause of attacks and losses. The 7 contract exploitation incidents that occurred this month resulted in a total loss of over $30 million, accounting for 39% of the total losses. Additionally, the official X accounts and official websites of crypto projects remain the primary targets of hacking.

According to Scam Sniffer data, losses this month were concentrated on several mature and popular public chains, especially Ethereum and Polygon, which experienced security incidents causing losses of over 6.91 million US dollars and 1.05 million US dollars respectively. This indicates that although the underlying security of public chains is relatively high, vulnerabilities in the application layer and in smart contracts still pose significant risks to user funds.

Multiple blockchain projects encountered security incidents this month, resulting in significant financial losses. Major security incidents this month include the Thala contract vulnerability, which led to a theft of $25.5 million; the DEXX private key leak, which caused a loss of $21 million; and the flash loan attack on Polter Finance, which caused a loss of $12 million.

Major Security Incidents in November

According to official data, the projects with losses of over a million dollars in November are as follows. Multiple security incidents in November showed that contract vulnerabilities are still a major threat.

  • Thala suffered a contract vulnerability attack on its liquidity pool, resulting in a loss of up to $25.5 million. Although all user funds were eventually recovered, this incident exposed risks in the contract design.
  • DEXX: The practice of having the server issue private keys directly carries serious security risks. It resulted in user funds being stolen, with a total amount of 21 million US dollars. This operating method needs to be thoroughly improved.
  • SpookySwap, by Polter Finance, fell victim to a flash loan attack and lost $12 million. Insufficient security testing after the launch of the new market may have been the root cause of the problem. Such incidents serve as a reminder to project parties to conduct comprehensive security audits before deploying new features.
  • DeltaPrime suffered attacks on multiple chains due to contract vulnerabilities, resulting in a loss of approximately $4.75 million. This indicates that even in mature on-chain projects, security risks cannot be completely avoided. Similarly, MetaWin suffered an attack of unknown type, resulting in a loss of $4 million. The incidents occurred on multiple chains, indicating an increasing diversity and complexity of attack methods.
  • Funds were stolen from CoinPoker's hot wallet, with a loss of about 2 million US dollars. This incident involved multiple networks, and the attacker transferred the funds to a privacy protocol for laundering. XT Exchange was attacked by a hacker for unknown reasons, resulting in a loss of 1.7 million US dollars in assets. The attacker quickly converted the funds into ETH and transferred them to a specific address.

Thala

Project Introduction: Thala is a decentralized stablecoin protocol based on Aptos, aiming to provide a stablecoin for yield generation and a liquidity supply layer. The protocol supports various forms of collateral, including liquidity collateralized derivatives, liquidity pool tokens, deposit receipt tokens, and assets pegged to real-world assets (RWA). This diversified collateral design not only ensures decentralization and censorship resistance but also takes capital efficiency into account.

Event Introduction:

On November 15, 2024, Thala, a decentralized finance project in the Aptos ecosystem, experienced a security incident, with a loss of $25.5 million. The attacker exploited vulnerabilities in the smart contract to carry out the attack. The project party promptly suspended the relevant contracts and froze a portion of the token assets after the incident. [3]

After investigation, the project party successfully froze approximately $11.5 million in assets. Subsequently, the project party cooperated with law enforcement agencies and multiple blockchain security teams to actively handle the incident. Through negotiation, the project party recovered the stolen funds. Under the negotiated terms, the attacker received a bounty of $300,000.

Post-incident reminders:

  • The project party needs to strengthen the security review of smart contracts. Before the code goes online, it must undergo strict security audits and regular vulnerability testing to reduce the possibility of attacks.
  • Fund management strategy is crucial. The project party should set up a multisignature mechanism and a tiered fund storage strategy, and avoid concentrating too many funds in a single contract, to limit potential losses in case of attack.
  • Cooperation with security agencies is indispensable. Quickly engaging blockchain security teams and law enforcement agencies after an incident can effectively control losses and expedite asset recovery.

DEXX

Project Overview: DEXX is an on-chain token trading terminal application designed specifically for memecoin trading, providing comprehensive functional support. The platform integrates accurate data analysis tools and advanced trading strategies such as mobile take profit and stop loss, and is equipped with intelligent wallet monitoring and real-time push functions to help users optimize their trading experience and manage assets efficiently.

Event Introduction:

On November 16, the DEXX platform encountered a major security incident: improper management of the official private key led to its leakage, resulting in the theft of user assets, with a total loss exceeding 21 million US dollars and over 500 victims affected. The affected tokens include BAN, Banana, and LUCE, among which BAN suffered the largest loss. [4]

The following is the timeline of the DEXX hacking incident:

  • On November 19, DEXX announced that it had officially filed a lawsuit regarding the security incident. The platform stated that the compensation plan will be determined based on the amount recovered. The SlowMist team assisted law enforcement in the investigation and initially confirmed about 2,000 suspicious addresses.
  • On November 25th, the number of victims who have submitted information through the SlowMist form has exceeded 1,000, and we continue to analyze the damaged data in cooperation with longer, emphasizing the avoidance of false reporting.
  • On November 26, the DEXX attackers began to exchange a large number of on-chain tokens for SOL, and had not yet transferred them out.
  • On November 28, SlowMist disclosed 8,612 Solana addresses related to the attacker, and cleaned up and aggregated the on-chain EVM data.
  • On November 29, the attacker further exchanged the tokens in the Solana addresses for SOL and tested exchanging tokens on EVM chains for ETH.
  • On November 30, the attacker exchanged tokens for ETH and BNB on the EVM chains (ETH/BSC/BASE); the related assets had not yet been transferred out.
  • On December 5, the attackers used Wormhole cross-chain transfers to move some of the stolen funds from Solana to the ETH network. As of now, the attacker's ETH address balance is 4,400.74 ETH, worth approximately $17.25 million; the remaining balance in the Solana address is about $1.5 million. The incident is still under investigation.

Post-incident reminders:

  1. Users should pay close attention to the security of their private keys, regularly check wallet and account activity, and promptly detect abnormal transactions or asset transfers. Real-time push notifications and intelligent wallet monitoring tools can help users take timely measures.
  2. If your assets are unfortunately stolen, take appropriate measures to protect your rights and interests, and keep track of the relevant developments in a timely manner.

Polter Finance

Project Introduction: Polter Finance is a non-custodial lending platform on FTM that focuses on decentralization and aims to provide lenders with proportional interest returns.

Event Introduction:

Here is a timeline of the Polter Finance incident:

  • On November 17th, Polter Finance suffered an attack due to the "bear market" issue, resulting in a loss of approximately $12 million.[5]
  • On November 18, Polter Finance reported that its crypto assets on the Fantom chain had been attacked, with losses exceeding 7 million dollars. The attacker initially obtained funds through Tornado Cash on the Ethereum chain, and then bridged the funds to Fantom. The platform suspended operations to contain the vulnerability and began tracking the wallets involved, discovering that the related address was associated with Binance. The platform team also publicly stated that if the attacker returns the funds, no legal action will be taken.
  • On November 19, the Polter Finance attacker transferred 120 ETH to Tornado Cash, with a loss of about 8.7 million US dollars. At the same time, the attacker began to transfer the stolen funds of 11.5 million FTM (about 8 million US dollars) in batches to Arbitrum and Ethereum, and then deposited these funds into Tornado Cash. At this point, the attacker has deposited 220 ETH (about 689,000 US dollars) to the Ethereum address.
  • On November 20, the Polter Finance hacker continued to transfer funds to Tornado Cash, and successfully transferred 2,625.7 ETH.
  • On November 21, the Polter Finance hacker once again transferred 2,600 ETH to Tornado Cash.

Post-incident reminders:

Users are advised to be vigilant about platform security when using decentralized platforms, especially where cross-chain operations and decentralized finance projects are involved. When the market fluctuates significantly in particular, project parties should promptly conduct vulnerability detection and risk management to ensure the security of the platform's smart contracts and cross-chain bridges.

DeltaPrime

Project Introduction: DeltaPrime is a decentralized finance lending and investment platform aimed at unlocking restricted liquidity by improving capital efficiency. Users can easily deposit and borrow on the platform to enhance their decentralized finance investment capabilities. The platform's minimum loan-to-value ratio is 20%.

Event Introduction:

The DeltaPrime project was hacked in September. Here is a complete summary:

  • On September 16, DeltaPrime was attacked on the ARB chain, where the administrator may have lost the private key, leading to approximately $4.5 million in crypto assets being stolen. The attacker converted USDC to ETH and continued to transfer funds. The affected liquidity pools include DPUSDC, DPARB, and DPBTCb. [6]
  • On September 17, the hacker transferred about 1200 ETH (about 2.8 million USD) to a new address and bridged the stolen funds to the Ethereum network, then deposited them into Tornado Cash.
  • On November 11, DeltaPrime was attacked again on ARB and AVAX, losing about 4.8 million US dollars. The attacker increased liquidity through LFJ and Stargate's USDC Farm, causing a loss of about 1.3 million US dollars.

Post-incident reminders:

Decentralized finance projects and asset-related platforms need to enhance security, especially by applying strict input validation to key functions (such as reward claiming), to avoid similar attacks.

MetaWin

Project Introduction: MetaWin is an on-chain prediction gaming platform based on blockchain technology. It offers various mini-games for user participation and provides rewards of up to 1 million US dollars.

Event Introduction:

The MetaWin crypto gambling platform suffered a hacker attack on November 5, 2024, and lost over 4 million dollars in assets. The hacker stole funds from the platform's hot wallets on ETH, Base, and Solana, and transferred some of the proceeds to KuCoin, HitBTC, Binance, and ChangeNow. The attacker has transferred 331 ETH (about 800,000 dollars) in batches to different wallets, with each transfer being 13, 19, and 21 ETH. In addition, 115 theft addresses related to the attacker have been discovered, and these funds are still being transferred.

Post-incident reminders:

The recent MetaWin attack serves as a reminder for users to remain vigilant when using crypto platforms, especially when transferring funds involving hot wallets and cross-chain operations, and to make sure that the platform's security measures are sufficient. Users should regularly check the platform's security announcements, avoid interacting with suspicious addresses, and strengthen account security settings (such as enabling multi-factor authentication) to mitigate the risk of loss. At the same time, platform operators should strengthen the protection of user funds, ensuring timely detection of and response to potential security vulnerabilities.

Summary

In November 2024, multiple decentralized finance platforms were attacked by hackers, resulting in millions of dollars worth of assets being stolen. These incidents highlight the ongoing security risks of decentralized finance projects and remind the industry to pay more attention to security protection and vulnerability fixes. At the same time, platform security vulnerabilities and fund flow control issues have once again become a focus of attention, emphasizing the need to ensure the security of user assets and the stability of the platform while pursuing innovation and development. Gate reminds users to participate in the market cautiously and protect their funds.

Reference materials:

  1. SlowMist
  2. Dune
  3. X
  4. X
  5. X
  6. X
  7. Tele

Gate Research Institute: Gate Research Institute is a comprehensive blockchain and cryptocurrency research platform that provides readers with in-depth content, including technical analysis, hot insights, market reviews, industry research, trend forecasting, and macroeconomic policy analysis.

Disclaimer: Crypto asset market investment involves high risks. It is recommended that users conduct independent research and fully understand the nature of the assets and products purchased before making any investment decisions. Gate is not responsible for any losses or damages caused by such investment decisions.