According to Slowmist data, November 2024 recorded 21 hacking incidents with losses totaling $76.86 million. The attacks primarily involved contract vulnerabilities, account hacks, and other methods. Both the number of incidents and total losses decreased significantly from October, suggesting improvements in industry security measures and awareness. Contract vulnerabilities remained the leading cause of attacks, with seven incidents causing over $30 million in losses—39% of the total. Official X accounts and websites of crypto projects continued to be prime targets for hackers. [1]

According to Scam Sniffer data, the distribution of public chain security incidents this month indicates that losses were mainly concentrated on several mature and popular public chains, particularly Ethereum and Polygon, which saw security incidents causing losses exceeding $6.91 million and $1.05 million, respectively. This highlights that while the underlying security of public chains remains robust, vulnerabilities in the application layer and in smart contracts still pose significant risks to user funds. [2]

Several blockchain projects experienced significant security incidents this month, resulting in substantial financial losses. Notable incidents include the Thala contract vulnerability causing a $25.5 million theft, the DEXX private key leak leading to a $21 million loss, and the Polter Finance flash loan attack resulting in a $12 million loss.

Based on official disclosures, the following projects suffered losses exceeding $1 million in November. These incidents underscore that contract vulnerabilities remain a significant threat.

Project Overview: Thala is a decentralized stablecoin protocol built on Aptos, aiming to provide yield-generating stablecoins and a liquidity supply layer. The protocol supports various forms of collateral, including liquid staking derivatives, liquidity pool tokens, deposit receipt tokens, and assets tied to real-world assets (RWAs). This diversified collateral design ensures decentralization and censorship resistance while also enhancing capital efficiency.
Incident Overview:
On November 15, 2024, the Aptos-based DeFi project Thala experienced a security breach, resulting in a loss of $25.5 million. The attacker exploited a vulnerability in the smart contract. Following the incident, the team promptly suspended the affected contracts and froze some token assets. [3]
Upon investigation, the team successfully froze approximately $11.5 million of the stolen assets. Subsequently, they collaborated with law enforcement and multiple blockchain security teams to address the incident. Through negotiations, the team managed to recover the stolen funds, with the attacker receiving a $300,000 bounty as part of the agreement.
Post-Incident Recommendations:
Project Overview: DEXX is an on-chain token trading terminal designed specifically for memecoin trading, offering comprehensive functionality. The platform integrates precise data analysis tools, advanced trading strategies such as mobile stop-loss and take-profit, as well as smart wallet monitoring and real-time notifications to help users optimize their trading experience and efficiently manage assets.
Incident Overview:
On November 16, DEXX experienced a significant security breach due to mismanagement of the official private key, resulting in a private key leak. This led to the theft of user assets totaling over $21 million, affecting more than 500 victims. Impacted tokens included BAN, Banana, and LUCE, with BAN incurring the highest losses. [4]
The following is a timeline of the DEXX hacking incident:
Post-Incident Recommendations:
Project Overview: Polter Finance is a decentralized, non-custodial lending platform on the Fantom (FTM) blockchain, designed to provide proportional interest income to depositors.
Incident Overview:
The following is a timeline of the Polter Finance hacking incident:
Post-Incident Recommendations:
Users are advised to exercise caution when using decentralized platforms, particularly those involving cross-chain operations and DeFi projects. Be vigilant about the platform’s security measures, especially during periods of significant market volatility. Project teams must prioritize regular vulnerability assessments and robust risk management practices to ensure the safety of smart contracts and cross-chain bridges.
Project Overview: DeltaPrime is a decentralized lending and investment platform designed to unlock restricted liquidity by enhancing capital efficiency. Users can easily deposit and borrow on the platform to amplify their DeFi investment capabilities. The platform offers a minimum collateralization rate of 20%.
Incident Overview:
DeltaPrime experienced multiple hacking incidents in September and November, as shown in the following timeline: \
Post-Incident Recommendations:
DeFi projects and asset-related platforms must bolster security measures, particularly around critical functionalities like reward claiming. Implementing strict input validation and routine audits can help prevent similar attacks in the future.
Project Overview: MetaWin is a blockchain-based on-chain prediction gaming platform offering a variety of mini-games with prizes of up to $1 million.
Incident Overview:
On November 5, 2024, MetaWin’s crypto gambling platform suffered a hacking attack, resulting in over $4 million in asset losses. The attacker stole funds from hot wallets on Ethereum, Base, and Solana and partially transferred the stolen assets to KuCoin, HitBTC, Binance, and ChangeNow. The attacker distributed 331 ETH (approximately $800,000) across multiple wallets, with each transfer comprising 13, 19, and 21 ETH. Additionally, 115 theft-related addresses linked to the attacker were identified, and the stolen funds are still being transferred. [7]
Post-Incident Recommendations:
The MetaWin attack serves as a reminder to stay vigilant when using crypto platforms, particularly with hot wallets and cross-chain transfers. Users must verify that platforms have robust security measures in place. Regular checks of security announcements, avoiding suspicious addresses, and strengthening account security through multi-factor authentication can help minimize risks. Meanwhile, platforms need to strengthen user fund protection and implement systems for swift detection and response to potential security threats.
In November 2024, multiple DeFi platforms were hacked, resulting in millions of dollars in stolen assets. These incidents underscore the ongoing security risks in the DeFi sector, emphasizing the industry’s need to prioritize security measures and address vulnerabilities. Platform security and fund flow control remain critical areas of focus. As the industry continues to innovate, ensuring user asset safety and platform stability must be paramount. Gate.io reminds users to exercise caution in the market and safeguard their funds.
References:
Gate Research
Gate Research is a comprehensive blockchain and cryptocurrency research platform that delivers in-depth content. This includes technical analysis, hot topic insights, market reviews, industry research, trend forecasts, and macroeconomic policy analysis.
Click here to visit now
Disclaimer
Investing in the cryptocurrency market involves high risk, and it is recommended that users conduct independent research and fully understand the nature of the assets and products they are purchasing before making any investment decisions. Gate.io is not responsible for any losses or damages caused by such investment decisions.





