Source: Beosin
According to the monitoring of the EagleEye security risk monitoring, early warning and blocking platform under Beosin, a blockchain security audit company, in November 2023, the amount of losses from various security incidents has increased significantly compared with October. In November, there were more than 26 typical security incidents, with total losses caused by hacking, phishing scams and Rug Pull amounting to US$356.53 million, about 6.9 times the total losses in October. Among them, about 335.63 million US dollars were attacked, about 14.6 million US dollars were phishing scams, and about 6.3 million US dollars were Rug Pull incidents. **
There were two security incidents this month in which more than $100 million in funds were stolen: about $126 million was stolen from the crypto exchange Poloniex, and about $110 million was stolen from HTX and its related cross-chain bridge, HECO Bridge. The two security incidents, both owned by Justin Sun, accounted for 66 percent of the hack’s losses this month. **Phishing incidents increased this month compared to the previous month, with multiple cases of more than $1 million in funds being phished for a single address. In addition, there has been a significant increase in global cryptocrime cases this month, with many cases involving more than $100 million, including fraud, money laundering and other types. **
Hacking Aspects
A total of 15 typical security incidents occurred
No.1 On November 1, DeFi lending protocol Onyx Protocol was attacked due to a contract loophole, losing about $2.1 million.
No.2 On November 6, the DeFi project TrustPad was attacked due to a contract vulnerability, losing about $150,000.
No.3 On November 7, a MEV robot was attacked, with a loss of about $2 million.
No.4 On November 9, the Australian crypto exchange CoinSpot was attacked, losing about $2 million.
No.5 On November 10, the crypto exchange Poloniex was attacked due to a leak of private keys, losing about $126 million.
No.6 On November 11, the stablecoin protocol Raft was attacked due to a contract vulnerability, losing about $3.4 million.
No.7 On November 18, the DEX project dYdX was attacked by market price manipulation and lost about $9 million.
No.8 On November 18, the API key of Kronos Research, a crypto quantification company, was accessed without authorization, resulting in a loss of about $25 million.
No.9 On November 22, HTX (formerly Huobi) and its related cross-chain bridge HECO Bridge were attacked, losing about $110 million.
No.10 On November 22, the DEX project KyberSwap was attacked, causing a total loss of about $54.7 million. Kyber Network said that the hack was one of the most sophisticated in DeFi history, and that attackers would need to perform a series of precise on-chain operations to exploit the vulnerability.
Phishing Scam / Rug Pull Aspect
A total of 6 typical security incidents occurred
No.1 On November 15, an address lost $3.4 million due to phishing scams. The victim was stolen for signing an “increaseAllowance” transaction.
No.2 On November 23, a Rug Pull occurred for SAI tokens on BNB Chain, and the deployer removed $1.7 million in liquidity.
No.3 On November 27, Inferno Drainer, a scam service provider, announced its closure, claiming to have stolen more than $80 million since its inception.
No.4 On November 29, an address lost $1.27 million due to phishing scams. The victim signed a malicious Permit2 phishing signature.
No.5 On November 30, the Florence Finance project was attacked by phishing and lost about $1.45 million.
No.6 On November 30, the Rug Pull occurred for the Fuding Token project on BNB Chain, and the deployer made a profit of about $520,000.
Crypto Crime/Case Regulatory Aspects
A total of 10 typical security incidents
No.1 On November 1, it was reported that the largest virtual currency money launderer in Taiwan, China, was arrested, handling more than 320 million USDT in a year.
No.2 On November 2, it was reported that Chongqing, China, concluded a virtual currency money laundering case involving an amount of up to 2.25 billion yuan (about 309 million US dollars), and 21 people were sentenced.
No.3 On November 3, the U.S. Department of Justice seized $54 million worth of cryptocurrency from a drug trafficking gang.
No.4 On November 7, the police in Himachal Pradesh, India, arrested 8 people again in a cryptocurrency fraud case worth $300 million.
No.5 On November 8, it was reported that the Jeju police in South Korea arrested 38 people on suspicion of crypto fraud, involving 101.4 billion won (about 77.55 million US dollars).
No.6 On November 16, it was reported that three men were arrested in the United States for bank fraud and cryptocurrency money laundering schemes, involving $10 million.
No.7 On November 20, Tether froze 225 million USDT related to international crime groups. The wallets are linked to an international human trafficking syndicate in Southeast Asia and are suspected of operating a global “pig slaughter” love scam.
No.8 On November 21, it was reported that the police in Wuhan, China, smashed a virtual currency money laundering gang, involving 1 billion yuan (about 141 million US dollars).
No.9 On November 28, the Hong Kong police said that the virtual asset trading platform HOUNAX case had received reports from 145 people, involving about 148 million Hong Kong dollars (about 18.95 million US dollars).
No.10 On November 30, it was reported that Sinbad, a crypto mixing platform, was sanctioned by the U.S. Treasury Department for allegations related to North Korean hackers. Sinbad allegedly handled funds from the Horizon Bridge and Axie Infinity hacks, and also diverted funds related to “sanctions evasion, drug trafficking, purchase of child sexual abuse material, and other illegal sales on dark web marketplaces.”
In view of the current new situation in the field of blockchain security, “Beosin” concludes here:
Overall, the amount of losses from various blockchain security incidents in November 2023 has increased significantly compared with October. This month, there were frequent security incidents on exchanges (CEX and DEX), including Poloniex, HTX, CoinSpot, dYdX, and KyberSwap, with a total loss of $215 million. As there has been an increase in phishing scams this month, users are advised to keep their private keys safe, double-check them before signing, and don’t sign suspicious content**.
