Hacks decline for the second month running, but still results in $65M in crypto losses

November saw just 50 instances of hacks and exploits targeting apps and protocols. Certik noted both the number of hacks and the crypto stolen declined for the second month in a row. 

Hacks and exploits have been on the decline since September. November’s result shows a total of 50 successful attacks with an estimated value of $65M. Data by Certik shows a two-month streak of declining attacks, despite the record market value of crypto assets. November was also the second-slowest month when it came to direct crypto hacks. 

Hacks decline in November 2024 compared to November 2023

Certik’s estimate for November is the most conservative, based on its methodology. The Web3 auditing firm tracks big exploits against DeFi, protocols, and enterprise wallets. 

Certik also excludes decentralized and trading attacks, including sandwich attacks, flash loan trades, and rug pulls. Other estimates that include a wider selection of hacks tally up the losses to $71M or even up to $85M. The result for November 2024 is still smaller compared to November 2023, where a total of $343M was lost, based on estimates by ImmuneFi. 

November 2023 was a notable month, with a $118M hack against the Poloniex exchange. In comparison, November 2024 shows a slowdown of big exploits and a turn toward small DEX and DeFi protocols. 

November also saw an acceleration of attacks directed at personal wallets through malicious links, supply chain attacks, or social phishing. According to ScamSniffer data, 9,208 victims were affected in small-scale exploits against personal wallets. A total of $9.3M were lost. 

Hacks slow down, on track to remain below 2023 levels

Hacks and exploits on a year-to-date basis make up to $1.49B in a total of 209 notable incidents, with the most activity around mid-2024. For now, the year’s exploits are smaller compared to 2023 with a total of $1.7B. Peak activity for crypto exploits happened in 2022 when hackers took hold of more than $3.7B. 

Besides the bear market, one of the factors was a slowdown of the Lazarus Group activity, at least based on the usage of TornadoCash. The other reason is an attempt to shift exploits to the Solana ecosystem, while Ethereum is still the biggest target for exploits. 

Activity on Tornado Cash fell off a cliff in 2022, after the OFAC sanctions verdict. Even after the verdict was overturned in 2022, the mixer did not regain its original volume. TornadoCash remains the most widely used for Ethereum-based ERC-20 assets. TornadoCash, however, remains key to mixing funds, with recent deposits from the DEXX hack getting sent in test transactions. 

Hacks become more detailed and creative

The biggest hack for November was DEXX, which exposed thousands of Solana wallets and led to a loss of $30M. The DEXX hack exposed 8,620 Solana wallets as a result of social engineering to steal private keys. 

Thala Labs was the second-biggest hack in November, for a total of $25.5M. The exploit was white-hatted, later allowing the platform to recover its funds after deducting a $300K bug bounty.

Gifto was a questionable hack, where new tokens were printed and sold on exchanges. Polter Finance lost $12M in an Oracle exploit, while Delta Prime erased $4.8M in a contract exploit. MetaWin was another mid-range hack, where a smart contract allowed for oversized withdrawals. The betting platform lost $4M from its permissionless withdrawal contract. The smallest hack was XT Exchange, losing between $1M and $1.7M from compromised wallets. 

Certik, whose main task is private contract audits, noted November arrived with multiple exploits based on flawed logic. Audits do not always guarantee a contract will not be exploited, but a total lack of audits may be an easy target for hackers. 

At the same time, bridge hacks and exploits have almost disappeared, as projects rarely use bridge activity and have siloed their liquidity.

A Step-By-Step System To Launching Your Web3 Career and Landing High-Paying Crypto Jobs in 90 Days.