Based on the insights from the SlowMist Blockchain Hacked Archive, the month of November 2023 was marked by “a significant number of security breaches within the blockchain sector.”
In total, 47 distinct incidents were recorded, “cumulatively leading to a substantial loss estimated at around $349 million.” This figure not only “sheds light on the ongoing challenges faced in safeguarding digital assets but also the critical need for continuous advancements and stronger security measures in the rapidly evolving space of blockchain.”
Notable Incidents
Onyx Protocol
On November 1, 2023, the DeFi lending protocol Onyx Protocol “was attacked, resulting in a loss of 1,164.53 ETH, approximately $2.1 million.”
The SlowMist security team analyzed “that the attacker’s methods were similar to those used in the attack on Hundred Finance. They manipulated interest rates to borrow more funds than expected to carry out the attack. According to MistTrack analysis, the stolen funds have been transferred to Tornado Cash.”
TrustPad
On November 6, 2023, a staking contract “on the cross-chain financing platform TrustPad was attacked, resulting in a loss of about $155,000. On November 9, TrustPad published a post-attack analysis, explaining that the attack occurred because the `receiveUpPool` function did not validate `msg.sender`, allowing the attacker to manipulate `newlockstartTime`. The attacker repeatedly called `receiveUpPool()` and `withdraw()` to collect rewards, and then used `stakePendingRewards` to convert these rewards into staked amounts. Finally, the attacker withdrew the rewards using `withdraw()`.”
TheStandard.io
On November 7, 2023, TheStandard.io, “a decentralized over-collateralized stablecoin protocol, was attacked, resulting in a loss of approximately $290,000. The key to this vulnerability was the low liquidity in the PAXG pool, which the attacker exploited to manipulate the market. On November 9, the attacker returned 243,000 EUROs to the protocol.”
For a complete list of exploits, check here.
Rug Pulls
According to incomplete statistics, there “were 24 rug pull incidents this month.” The highest proportion of these “occurred in the BSC (Binance Smart Chain) ecosystem, followed by the ETH (Ethereum) ecosystem.”
The update concluded:
“In November, the combined losses from “the Poloniex, HTX, and Heco Bridge incidents reached $243 million, accounting for approximately 69% of the total losses from security events this month. There were 24 rug pull incidents, making up 51% of the total number of security events. Users should thoroughly understand the background and team of projects before participating, and be cautious in their investment choices. Two incidents involving liquidity exploitation caused approximately $54.99 million in losses to project operators.”