Web3 Security Incidents Resulted in Over $86 Million in Losses in Past Month – Report

Last month, total losses from Web3 security incidents reportedly amounted to approximately $86.24 million. According to the SlowMist Hacked Database, 21 hacking incidents were recorded, resulting in losses of approximately $76.86 million, of which “$25.5 million was recovered.”

As mentioned in the update from SlowMist, the primary causes of these incidents included the following: smart contract vulnerabilities, account compromises, and price manipulation.

Data from the Web3 anti-phishing platform Scam Sniffer revealed that 9,208 victims fell prey to phishing attacks in November, “incurring a total loss of $9.38 million.”

Key Incidents

1. MetaWin

Date: November 4, 2024
Loss: Over $4 million

Details: Blockchain detective ZachXBT reported that the crypto gambling platform MetaWin was compromised “on both Ethereum and Solana.”

The attackers exploited MetaWin’s withdrawal system, “gaining unauthorized access to the platform’s hot wallets.”

2. DeltaPrime

Date: November 11, 2024
Loss: $4.75 million

Details: The DeFi protocol DeltaPrime was exploited “on Avalanche and Arbitrum due to insufficient input validation in its reward claiming mechanism.”

3. Thala

Date: November 15, 2024
Loss: $25.5 million (partial recovery)

Details: The Aptos-based DeFi project Thala was “attacked via a smart contract vulnerability, leading to significant losses.”

The project team froze $11.5 million in assets and, after negotiations, recovered the funds, “allowing the attacker to retain $300,000 as a bounty.”

4. DEXX

Date: November 16, 2024
Loss: $21 million

Details: Several users of the on-chain trading terminal DEXX suffered “losses due to an ongoing attack.” The SlowMist security team “identified 8,612 attacker addresses on Solana, with EVM-based addresses to follow.”

5. Polter Finance

Date: November 17, 2024
Loss: $12 million

Details: The Fantom-based DeFi project Polter Finance fell victim to a flash loan attack that “drained BOO token reserves and manipulated token pricing.”

Efforts to negotiate fund recovery via “on-chain messaging and reports to Singaporean authorities remain unresolved.”

Analysis and Recommendations

Incident Trends

The number and scale of incidents decreased “compared to the previous month, indicating progress in industry security measures.”

Smart contract vulnerabilities remained the leading cause, “accounting for 39% of total losses ($30 million across 7 incidents).”

Regular security audits and proactive threat monitoring “are essential for protecting assets.”

Emerging Threats: AI Supply Chain Attacks

A new trend observed this month involved AI poisoning attacks, where compromised AI-generated code was “leveraged in the crypto industry.”

Developers relying on AI tools should ensure rigorous code review, and all implementations must undergo “comprehensive testing before deployment. Strengthening supply chain security, including evaluating third-party tools and services, is critical to mitigating risks.”

SlowMist is focused on being a frontrunner in blockchain security, dedicating years to mastering threat intelligence.

Their expertise is grounded in providing “comprehensive security audits and advanced anti-money laundering tracking to a diverse clientele.”

They’ve established a network for threat intelligence collaboration, positioning themselves as a key player in the blockchain security landscape.

They offer tailor-made security solutions that span from “identifying threats to implementing effective defense mechanisms.”

This approach has garnered the trust of numerous leading and recognized projects worldwide, including names like Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, and Cheers UP.

Their mission is to ensure the blockchain ecosystem is “not only innovative but also secure and reliable.”

By delivering a security solution customized to individual projects, they can “identify risks and prevent them from occurring.”

Their team was able to find and publish several “high-risk blockchain security flaws.” By doing so, they aim to help spread “awareness and raise the security standards in the blockchain ecosystem.”


