The Poloniex and HTX/Heco Bridge exploits as well as the KyberSwap flash loan attack were the three largest incidents in November, according to blockchain security firm CertiK.
1995 Total views
30 Total shares
The cryptocurrency industry has now seen its most “damaging” month for crypto thievery, scams and exploits in 2023, with crypto criminals walking away with $363 million in November, according to a blockchain security firm.
Around $316.4 million came from exploits alone, flash loans inflicted $45.5 million in damage, and $1.1 million was lost to various exit scams, CertiK stated in a Nov. 30 X (formerly Twitter) post.
Combining all the incidents in November we’ve confirmed ~$363M lost to exploits, hacks and scams
This makes November the most damaging month this year
Exit scams were ~$1.1M
Flash loans were ~$45.5M
Exploits were ~$316.4M
See more details below pic.twitter.com/QoDy6d8IJH
— CertiK Alert (@CertiKAlert) November 30, 2023
The largest exploits in November occurred on Poloniex and HTX/Heco Bridge, with losses of $131.4 million and $113.3 million, respectively.
The third largest exploit was inflicted on a single victim who lost $27 million from a phishing attack.
Meanwhile, the $45 million KyberSwap attack accounted for nearly all damage done for flash loan attacks in the month.
The latest monthly figure has surpassed an earlier record of $329 million, set in September, caused mainly by the $200 million Mixin Network attack.
As of the end of November, about $1.7 billion has now been lost to exploits, exit scams and flash loan attacks in 2023. This makes up only 54% of the crypto drained in the full year 2022, when $3.7 billion was drained to crypto incidents, while 2021 saw losses of $1.7 billion, according to CertiK.
Related: Blockchain audits: The steps to ensure a network is secure
In recent comments to Cointelegraph, Ronghui Gu, one of CertiK’s founders, argued that getting a standard smart contract audit isn’t enough these days.
He stressed that thieves continue to find new and creative ways to exploit protocols and victims, with SIM-swapping and multisignature vulnerabilities among the most recent security pitfalls being capitalized on.
Exploits of this nature are hindering adoption, believes Christian Seifert, a researcher at security firm Forta Network, who also spoke with Cointelegraph:
“Imagine you losing all your savings because the branch of your bank got broken into overnight. You wouldn’t bank there.”
These incidents “scare away” people who were previously open to exploring the Web3 space, said Jerry Peng, a research analyst at Web3 analytics firm 0xScope, in a recent note to Cointelegraph.
Magazine: Real AI use cases in crypto, No. 3: Smart contract audits & cybersecurity
