CertiK Logo
CertiK Logo
Products
Blogs
Company
incident-response

Products & Technology

Featured Ecosystems

Company

English
Back to all stories
Reports
Incident Analysis
November 2022 Monthly Report
11/30/2022
November 2022 Monthly Report

https://www.certik.com/resources/blog/6btncrrEjKptRwbIlkpSFo-november-stats-graph

Introduction

So far in 2022, ~ $3.4 billion has been lost to various scams and exploits in the Web3 world and a total of 573 attacks recorded this year. November has seen a slight decrease from last month with 36 major attacks recorded. Although the number of attacks decreased, the loss per attack increased significantly with an average of $16,551,316 loss per attack versus $7,266,586 in October. Exit scams have also skyrocketed this month, with a 375.5% increase from October with a total of ~$29,876,968 losses and 35 incidents recorded in November versus $7,199,798 for 26 incidents in the month of October. The number of flash loan attacks decreased by half compared to last month with a total of 8 incidents recorded. However, losses increased: $5M was lost this month versus $1M in October. Discord and NFT scams have continued to decrease every month with 12 incidents recorded this month versus 97 in August and 57 in September. Out of the 62 exploits recorded this month, 35 were deemed exit scams, 8 were analyzed as flashloan attacks, and 19 fell into other incident categories.

Major Incidents

The month of November saw a total of 36 major attacks. This is equivalent to the number of attacks we had in June. An average of $16,551,316 was lost per attack, which is a significant increase from the average of $7,266,586 per attack in the month of October.

The first major exploit was the FTX hack which saw a $477M loss. Moments after FTX filed for bankruptcy on November 11th, 2022 Ryne Miller, General Counsel at FTX tweeted that they were” investigating abnormalities”. On November 12th, 2022 a tweet from Ryne Miller said the company “initiated precautionary steps” and moved all its digital assets to cold storage, meaning the crypto wallet is no longer connected to the internet. There are numerous theories on how the hack had happened but most reports suggest it was an inside job. FTX ranks as the 2nd largest attack this year, behind the Ronin Bridge ($624M) in March. FTX is still an ongoing investigation and will be for quite some time.

The second largest exploit, which took place on November 2nd, 2022, was Derbit Exchange’s hot wallet exploit. A private key leak may have led to the loss of ~$28m in USDC, ETH and BTC across the Ethereum and Bitcoin chains. This is the third largest private key compromise of 2022. Derbit Exchange stated that the loss will be covered by company reserves. The Derbit Exchange claims to keep “99% of user funds in cold storage to limit the impact of these types of events”. They also stated that operations were not impacted by the event and that it is now impossible for any hacker to initiate withdrawals because it will now require additional human confirmation. They believe going forward that this will never happen again on their platform.

The third most significant loss, reported on November 13, 2022, was a recorded exit scam of $18.5M on Flare Token. This token is not related to Flare Networks. This Flare token did not have any social media accounts. As of right now the deployer who exit scammed is currently washing money via Tornado cash.

Exit Scams

November saw losses of $29,876,968 which is a 375.5% increase from October. These losses came from 35 confirmed incidents which represents a 40% increase in the number of exit scams from last month. The $29.8M in losses is unusual for the year with 6 out of 11 months this year seeing exit scams losses between ~$6m - ~$8m. There was one major outlier in the exit scam statistics this month. The largest exit scam was the $FLARE token. The FLARE project rug pulled for a total of ~$18.5 million on November 13th, 2022. This event makes up the majority of funds lost in exit scams for the month of November.

Similar to previous months, we witnessed numerous instances of tokens washing money that have not been counted in our monthly statistics. These daily occurrences are qualified as potential money laundering. The majority of incidents were discovered on the BNB Smart Chain.

Flash Loans

For the month of November there were fewer attacks compared to the month of October but the total number of losses was greater than. The number of total attacks at 8, was a significant decrease compared to October which had a total of 16 attacks. Though the number of attacks is fewer, the total number of losses for November was approximately $6 million, a staggering $5 million more than the previous month of October which totaled at $1M. An average of $637,378 was lost per attack, which is a significant increase from the average of $97,748 per attack in the month of October.

The most significant flashloan attack occurred on DFX Finance. At 8 PM UTC on Nov 10, 2022, DFX Finance's swapping contracts were attacked, leading to a loss of approximately $5M. The attacker took advantage of the vulnerable flashloan mechanism in the swapping contracts which bypassed the check of repaying the flash loan by depositing tokens to the contracts and then withdrew tokens from contracts after finishing the flash loan. The vulnerability lies in a design issue where the contract does not take into consideration that the flash loaned tokens can be used for deposit and finally “repay” flash loan.

Discord/NFT Scams

Discord compromises have continued to fall for the 5th consecutive month, with just 12 recorded, for the month of November. The number of NFTs taken has remained high due to an incident on 27 November in which 253 NFTs were stolen. Those NFTs had a combined value of 44.95 ETH (~$52.5k). NFT hype appears to be at its lowest this year which is likely a contributing factor. The phishing exploit known as ‘Monkey Drainer’ is still active and is attributed to the aforementioned incident.

Conclusion

Overall, November saw the second largest amount of funds lost to hacks, exploits and scams this year. This figure is particularly high due to the hack on the FTX Exchange which amounted to $477m lost. This incident alone made up 79% of the total funds lost, and without it November would’ve been the third lowest month of the year regarding funds lost at $119.5m. Every month this year that has seen extremely high amounts lost has usually been because of the amount lost in one or two outlier incidents.

Related Stories
Hack3d: The Web3 Security Quarterly Report - Q1 2024
Reports
Security
A total of $502,522,934 was lost to 223 hacks, scams, and exploits throughout the first quarter of 2024. Check out our comprehensive report for all the statistics, data, and analysis you need to understand the current state of onchain security.
4/3/2024
Hack3d: The Web3 Security Report 2023
Reports
Educational
Hack3d reports offer deep dives into the exploits, vulnerabilities, and trends that define blockchain and smart contract security. They’re an invaluable resource for anyone seeking to understand the current landscape of Web3 security. Each report contains detailed incident analyses, technical insights, and the most comprehensive statistics on hacks, scams, and exploits in the entire Web3 industry.
1/3/2024
Kronos Research Incident Analysis
Reports
Incident Analysis
On 18 November 2023, Kronos Research announced, via social media platform X, that unauthorized access to their API resulted in a loss of approximately $26 million. The incident isn’t a typical private key compromise which often refers to the private key of a victims wallet, but instead was due to a API private key compromise. Whilst there are differences between the two, this incident resulted in the victim losing control of their funds. Since the API keys belonging to Kronos Research were compromised, we are classifying this incident as a private key compromise, which have seen $134 million lost in November alone.
11/20/2023
CertiK Logo
SOC
© 2024 by CertiK. All Rights Reserved.
Products & Technology
Smart Contract AuditSkynetSecurity ScoreKYCPenetration TestingBug BountyFormal VerificationAdvisory ServicesSkyHarborSkyInsights
Company
AboutVenturesBlogCareersDisclaimerPrivacy PolicyCookie PolicyTerms and ConditionsTrust and Security
Social Media
CertiKSecurity LeaderboardCertiK AlertTelegramYoutube
MediumLinkedIn
Wechat
Discord
MediumLinkedIn
Wechat
Discord
© 2024 by CertiK. All Rights Reserved.
;