November Web3 Security Incident Review: Total Loss Approximately $86.24 Million

In November 2024, the Web3 sector faced significant security challenges, resulting in a total loss of approximately $86.24 million due to various incidents. The SlowMist Security Team reported 21 hacking incidents, with major breaches affecting several platforms, highlighting the urgent need for enhanced security measures in the industry.

Key Takeaways

• Total losses from Web3 security incidents in November 2024 reached approximately $86.24 million.
• Major incidents included attacks on MetaWin, DeltaPrime, Thala, DEXX, and Polter Finance.
• Phishing attacks accounted for $9.38 million in losses, impacting over 9,200 victims.
• The report emphasizes the importance of rapid response and collaboration to safeguard digital assets.

Overview Of Security Incidents

November 2024 saw a total of 21 hacking incidents, with losses primarily attributed to contract vulnerabilities, account hacks, and price manipulation. The SlowMist report detailed the following major incidents:

1. MetaWin
   On November 4, the crypto gambling platform MetaWin was attacked, leading to a loss of over $4 million. The attacker exploited the platform's withdrawal system to access its hot wallet.
2. DeltaPrime
   On November 11, the DeFi protocol DeltaPrime suffered an attack resulting in an estimated loss of $4.75 million due to insufficient input validation in its reward claiming feature.
3. Thala
   On November 15, the Aptos-based DeFi project Thala was breached, resulting in a theft of $25.5 million. The project team managed to recover $11.5 million by freezing some tokens and negotiating with the attacker, who was allowed to keep $300,000 as a bounty.
4. DEXX
   On November 16, the on-chain trading terminal DEXX experienced a significant breach, with losses reaching $21 million. The SlowMist Security Team is currently assisting in the investigation of this incident.
5. Polter Finance
   On November 17, the Fantom-based DeFi project Polter Finance was attacked, resulting in losses of approximately $12 million through a flash loan exploit.

Phishing Attacks And Their Impact

Phishing attacks were notably prevalent in November, with Scam Sniffer reporting 9,208 victims and losses totaling $9.38 million. These incidents underscore the need for increased awareness and protective measures against such scams.

Recommendations For Enhanced Security

The SlowMist Security Team has emphasized the importance of regular security audits and vigilance against emerging threats. Key recommendations include:

• Conducting comprehensive security audits regularly.
• Monitoring and addressing new security vulnerabilities promptly.
• Strengthening overall supply chain security management.
• Ensuring rigorous testing of AI-generated code before deployment.

Conclusion

The November 2024 Web3 security incidents serve as a stark reminder of the vulnerabilities present in the digital asset space. As the industry continues to evolve, collaboration and proactive measures will be essential in safeguarding against future threats and protecting user assets.

Sources

• November Web3 Security Incident Review: Total Loss Approximately $86.24 Million - ChainCatcher, ChainCatcher.
• $86 Million Lost to Web3 Security Breaches in November 2024, FXDailyReport.Com.