Cointime

Crypto thieves steal $363M in Nov, the most ‘damaging’ month so far

The cryptocurrency industry has now seen its most “damaging” month for crypto thievery, scams and exploits, with crypto criminals walking away with $363 million in November, according to a blockchain security firm.

Around $316.4 million came from exploits alone, flash loans inflicted $45.5 million in damage, and $1.1 million was lost to various exit scams, CertiK stated in a Nov. 30 X (formerly Twitter) post.

The largest exploits in November occurred on Poloniex and HTX/Heco Bridge, with losses of $131.4 million and $113.3 million, respectively.

The third largest exploit was inflicted on a single victim who lost $27 million from a phishing attack.

Meanwhile, the $45 million KyberSwap attack accounted for nearly all of the damage done by flash loan attacks in the month.

The latest monthly figure has surpassed an earlier record of $329 million, set in September, caused mainly by the $200 million Mixin Network attack.

As of the end of November, about $1.7 billion has been lost to exploits, exit scams and flash loan attacks in 2023. That is only 54% of the amount drained in the full year 2022, when $3.7 billion was lost to crypto incidents, while 2021 saw losses of $1.7 billion, according to CertiK.

In recent comments to Cointelegraph, Ronghui Gu, one of CertiK’s founders, argued that getting a standard smart contract audit isn’t enough these days.

He stressed that thieves continue to find new and creative ways to exploit protocols and victims, with SIM-swapping and multisignature vulnerabilities among the most recent security pitfalls being capitalized on.

Exploits of this nature are hindering adoption, believes Christian Seifert, a researcher at security firm Forta Network, who also spoke with Cointelegraph:

“Imagine you losing all your savings because the branch of your bank got broken into overnight. You wouldn’t bank there.”

These incidents “scare away” people who were previously open to exploring the Web3 space, said Jerry Peng, a research analyst at Web3 analytics firm 0xScope, in a recent note to Cointelegraph.
