According to Beosin EagleEye, in November 2023, the total amount of losses from various security incidents significantly increased compared to October. There were over 26 typical security incidents in November, resulting in a total loss of $356.53 million due to hacker attacks, phishing scams, and Rug Pulls, approximately 6.9 times the total losses in October. Hacker attacks accounted for approximately $335.63 million, phishing scams about $14.6 million, and Rug Pulls about $6.3 million.

Two security incidents involving stolen funds exceeding $100 million occurred this month: the cryptocurrency exchange Poloniex was robbed of approximately $126 million, and HTX along with its related cross-chain bridge HECO Bridge was robbed of approximately $110 million. These two incidents (both projects under the ownership of Sun Yuchen) constituted 66% of the total losses from hacker attacks this month. Phishing incidents increased this month, with several individual addresses being phished for funds exceeding $1 million. Additionally, global cryptocurrency crime cases saw a significant increase, with multiple cases involving over $100 million, including various types of fraud and money laundering.

Hacker Attacks

『10』Notable Security Incidents

1. November 1: DeFi lending protocol Onyx Protocol suffered an attack due to a contract vulnerability, resulting in a loss of approximately $2.1 million.

2. November 6: DeFi project TrustPad was attacked due to a contract vulnerability, resulting in a loss of approximately $150,000.

3. November 7: An MEV robot was attacked, resulting in a loss of approximately $2 million.

4. November 9: Australian cryptocurrency exchange CoinSpot was attacked, resulting in a loss of approximately $2 million.

5. November 10: Cryptocurrency exchange Poloniex was attacked due to private key compromise, resulting in a loss of approximately $126 million.

6. November 11: Stablecoin protocol Raft was attacked due to a contract vulnerability, resulting in a loss of approximately $3.4 million.

7. November 18: DEX project dYdX suffered a market price manipulation attack, resulting in a loss of approximately $9 million.

8. November 18: Cryptocurrency quant firm Kronos Research's API key was accessed without authorization, resulting in a loss of approximately $25 million.

9. November 22: HTX (formerly Huobi) and its related cross-chain bridge HECO Bridge were attacked, resulting in a loss of approximately $110 million.

10. November 22: DEX project KyberSwap was attacked, resulting in a total loss of approximately $54.7 million. Kyber Network stated that this hacking incident was one of the most complex attacks in DeFi history, requiring a series of precise on-chain operations to exploit the vulnerability.

Phishing Scam / Rug Pull

『6』Notable Security Incidents

1. November 15: An address lost $3.4 million due to a network phishing scam. The victim was phished by signing an "increaseAllowance" transaction.

2. November 23: A Rug Pull occurred on BNB Chain with the SAI token, and the deployer removed $1.7 million in liquidity.

3. November 27: Fraud service provider Inferno Drainer announced closure, claiming to have stolen over $80 million since its establishment.

4. November 29: An address lost $1.27 million due to a network phishing scam. The victim signed a malicious Permit2 phishing signature.

5. November 30: Florence Finance project was targeted in a phishing attack, resulting in a loss of approximately $1.45 million.

6. November 30: A Rug Pull occurred on BNB Chain with the Fuding Token project, and the deployer profited approximately $520,000.

Cryptocurrency Crimes / Regulatory Cases

『10』Notable Security Incidents

1. November 1: The largest virtual currency money laundering operator in Taiwan was arrested, handling over 320 million USDT in a year.

2. November 2: Chongqing, China concluded a virtual currency money laundering case involving an amount of up to 2.25 billion CNY (approximately $309 million), sentencing 21 people.

3. November 3: The US Department of Justice seized $54 million worth of cryptocurrency from a drug trafficking group.

4. November 7: Uttar Pradesh police in India arrested 8 people again in a $300 million cryptocurrency scam.

5. November 8: Jeju police in South Korea arrested 38 people suspected of cryptocurrency fraud, involving funds of 101.4 billion KRW (approximately $77.55 million).

6. November 16: Three individuals were arrested in the US for bank fraud and a cryptocurrency money laundering scheme, involving $10 million.

7. November 20: Tether froze 225 million USDT related to an international criminal group involved in a global "pig-killing" romance scam.

8. November 21: Wuhan police in China dismantled a virtual currency money laundering gang, involving funds of 1 billion CNY (approximately $141 million).

9. November 28: Hong Kong police stated that the HOUNAX case involving virtual asset trading platform received 145 reports, involving about HKD 148 million (approximately $19.95 million).

10. November 30: Cryptocurrency mixing platform Sinbad was sanctioned by the US Treasury Department due to allegations related to North Korean hackers. Sinbad reportedly handled funds from Horizon Bridge and Axie Infinity hacking attacks and transferred funds related to "evading sanctions, drug trafficking, purchasing materials for child sexual abuse, and engaging in other illegal sales on the dark web market."

Conclusion

In general, the total amount of losses from various blockchain security incidents in November 2023 significantly increased compared to October. Security incidents at exchanges (CEX and DEX) were frequent this month, with a total loss of $215 million, including Poloniex, HTX, CoinSpot, dYdX, and KyberSwap. It is recommended that such large projects strengthen private key management, conduct regular security audits, establish emergency plans, and enhance security awareness training for privileged employees. Phishing scam incidents increased this month, and users are advised to securely store private keys, carefully check before signing, and avoid signing suspicious content.

Original Link