Crypto Hacks Soar in November, Resulting in $343,000,000 Stolen

Published: Nov 30, 2023
Written By:
Vignesh Karunanidhi
Milk Road Writer

The crypto industry witnessed its highest monthly losses this year in November 2023 as hacks and frauds targeting decentralized finance (DeFi) and centralized finance (CeFi) surged. With over $343 million lost, the ecosystem saw a 15-fold increase in damages compared to October 2023. The data is from a November 2023 crypto loss report.

Major Incidents Drive Record Losses

Several high-profile exploits targeting crypto exchanges and protocols like Poloniex, HTX Exchange, and Kronos Research led monthly losses to skyrocket in November. Key incidents included:

  • Poloniex lost $126 million as hackers exploited a vulnerability in the exchange’s hot wallet infrastructure. 
  • Heco Chain looted for $85,400,000.
  • Decentralized exchange KyberSwap fell victim to an arbitrage attack that drained $48.3 million from the protocol.
  • Centralized exchange HTX Exchange saw $30 million vanish in a suspected exit scam by its operators.
  • DeFi research firm Kronos Research lost $26 million after an attacker compromised one of its admin keys and stole developer funds.

Hacks Outpace Frauds

Hacks continued to make up the lion’s share of damages in November 2023, accounting for 97.8% of total losses. Only around 2.2%, or $7.5 million, was lost to frauds like rug pulls. In total, the ecosystem saw 18 major hacking incidents, resulting in over $335 million being stolen.

Hacks continue to be the dominant cause of losses, comprising a staggering 97.8% of the total losses in November 2023. In contrast, fraud accounts for a mere 2.2%.

  • Hacks: Total losses due to hacks amount to $335,574,150 across 18 specific incidents in November 2023.
  • Fraud: Incidents of fraud contributed to a loss of $7,464,660 across 23 specific cases during the same period.

CeFi Overtakes DeFi as Leading Target

In a deviation from most months, CeFi overtook DeFi to become the main target for exploits when measured by total damages. Centralized services accounted for 53.8% of the losses in November 2023, while decentralized apps and protocols made up 46.2% of the figures.

  • DeFi Losses: DeFi suffered losses amounting to $158,638,810 across 37 incidents in November 2023.
  • CeFi Losses: CeFi, on the other hand, saw total losses of $184,400,000 across only 4 incidents, marking a concentrated impact.

BNB Chain and Ethereum See Worst Hits

The Binance Smart Chain ecosystem and Ethereum were the most heavily targeted blockchains in November 2023. Together they accounted for over 80% of the total losses across different chains.

  • BNB Chain saw 22 breach incidents that cost the ecosystem $183.9 million, making up 53.7% of chain-specific damages.
  • Ethereum was hit with 12 major exploits totaling over $100 million lost, accounting for 29.3% of chain losses.
  • Three incidents on Arbitrum amounted to $25 million stolen, representing 7.9% of the November 2023 figures.

Immunefi, as a bug bounty and security services platform, played a crucial role in assessing and mitigating vulnerabilities in the crypto space.

  • Total Bounties Paid: Immunefi has paid out over $85 million in total bounties, demonstrating its commitment to securing the Web3 environment.
  • Large-Scale Projects: The platform supports more than 300 projects, including major players like Synthetix, Chainlink, Polygon, and MakerDAO.
  • Largest Bug Bounty Payments: Immunefi has facilitated the largest bug bounty payments in the history of software, including a remarkable $10 million for a vulnerability discovered in Wormhole.
  • Other Notable Payments: The platform awarded $6 million for a vulnerability in Aurora and $2.2 million for a vulnerability in Polygon, showcasing its commitment to fostering a secure crypto landscape.

With the spate of recent exploits, the crypto industry has now lost over $1.75 billion to crypto hacks and frauds in 2023 year-to-date. As protocols continue to harbor vulnerabilities, critics argue that lax security practices are preventing mainstream adoption.

However, projects are also increasingly collaborating with bug bounty platforms to strengthen defenses and avoid incidents.

Vignesh Karunanidhi
Milk Road Writer
Vignesh has been a seasoned professional in the crypto space since 2017. He has been writing for over 5 years and specializes in writing and editing various types of crypto content, including news articles, long-form pieces, and blog posts, all focused on sharing the beauty of blockchain and crypto.