November Crypto Incidents: Users bear heavy Losses of $356 Million Due to Hacks, Phishing and Rug Pulls

Malicious actors stole cryptocurrencies worth more than $356 million in November 2023.

Crypto hacks led to losses amounting to $335.63 million, phishing scams around $14.6 million and rugpulls about $6.3 million.

To prevent hacks and other crypto crimes DeFi projects should improve their crypto securities measures by conducting timely audits.

Keywords: crypto rug pulls, crypto hackers, crypto crime, crypto losses, crypto security tips, crypto hacks, crypto phishing, phishing scams, crypto scammer, crypto scam, crypto fraud

Introduction

Investing in cryptocurrencies come with various risks which include high price volatility, hacks, phishing and rug pulls, among others. Crypto hacks and rugpulls are not spread evenly throughout the year. They occur during certain periods or crypto seasons

In 2023 there were many hacks, rug pulls and phishing incidents in November. In this article we discuss some of these incidents. We will also explore ways in which crypto investors may protect themselves from such risks.

Surge in Hacks, Rugpulls and Phishing Incidents in November

November had many incidents of hacks, rugpulls and phishing which resulted in loss of cryptocurrencies worth over $356 million. In fact, there were a total of 26 crypto security incidents during the month.

In summary, hack attacks led to a loss of about $335.63 million, phishing scams around $14.6 million and rugpulls approximately $6.3 million. Notably, the losses from breaches and scams increased by 6.9% in November over October.

Loss from hack attacks

As noted above, much of the loss from exploits and other malicious actions was through hacks. There were two serious hacking incidents where crypto assets worth more than $100 million were lost in each case.

Specifically, Poloniex, a crypto exchange, lost $126 million while hackers stole cryptocurrencies worth $100 million from HTX, formerly Huobi Global. HECO Bridge, a cross-chain bridge affiliated to HTX, lost $110 million worth of crypto assets. These incidents constituted about 66% of the total losses arising from bad actors in November.

Examples of DeFi projects that were hacked are KyberSwap and Raft Fi. The major contributing factor for successful hacks were poor smart contract security measures.

Phishing Scams

In total, phishing scams led to the loss of crypto assets that exceed $1 million. In simple terms, phishing scams involve fraudulently accessing personal or platform details such as private keys. Examples of affected platforms are dYdX, KyberSwap, Poloniex, HTX and CoinSpot.

Centralized and Decentralized Exchanges

The malicious actors exploited both centralized exchanges (CEXs) and decentralized ones (DEXs)resulting in loss of crypto assets. In short, these crypto exchanges lost a total of $215 million in November alone. As highlighted above, dYdX, KyberSwap, Poloniex, HTX and CoinSpot are among the affected exchanges. These exchanges need to improve their security systems to prevent similar exploitations in the future.

How the Exploits Occurred

Previously, we mentioned some hacking incidents that led to loss of funds. Now, let’s analyse a few of these hacking and phishing incidents in detail.

Kronos Research: On 19 November crypto hackers exploited Kronos Research resulting in loss of cryptocurrencies worth $25.65 million. The hackers compromised Kronos’ application programming interface (API) keys.

It lost various crypto assets including USDC, ETH and USDT in the process. API keys are an alternative to passwords or a form of authentication. Therefore, anyone who gets hold of blockchain based projects’ APIs can access their digital assets.

Poloneix: During the same month, November, a crypto hacker exploited Poloneix, a cryptocurrency exchange, stealing coins and tokens worth $126 million. In fact, the bad actor accessed the exchange’s private keys for hot wallets.

The fact is that once a hacker accesses an individual or organization’s digital wallet private key he/she can send tokens from the wallet. Based on the way the attack unfolded some analysts believe that the Lazarus Group, linked to the North Korean government, was responsible for the exploitation.

KyberSwap: The hacker attacked the KyberSwap Elastic which enabled him/her to access cryptocurrencies worth about $48 million. In this case, the attacker manipulated price differentials between different crypto markets. In other words, it was a direct attack on the exchange’s liquidity pools. However, that error could have been prevented through smart contract auditing.

Attack on dYdX: With this crypto crime, the attacker drained 40% of the insurance fund used for protecting users from backstopping other traders’ losing trades.

Specifically, the hacker manipulated the Yearn Token market which normally has very low trading volumes. He/she took advantage of the flaws in the dYdX’s risk management system.

HTX Exchange: On 22 November, HTX exchange lost cryptocurrencies worth over $13.6 million due to compromised hot wallets. Most of the cryptocurrencies were converted to ETH and drained from its three wallets. In all, the exchange lost 78 million USDC, 1,240 ETH, 62,200 LINK and 7.3 million USDT.

Other DeFi Platforms that Lost Cryptocurrencies

There are many more DeFi platforms that lost much crypto assets. The following table list some of them and the different causes of the exploits.

November Crypto Hacks and Losses - Defillama

It is important to note that the above list is not exhaustive of the crypto crimes that occurred during November. However, it captures the main ones for the month.

Phishing Scams and Rugpulls

Apart from the list of crypto hacks we have so far listed and discussed there were several other phishing scams and rugpulls in November. For Example, on 15 November a wallet lost $3.4 million as a result of phishing. The owner was enticed to sign what the crypto scammer termed an “increaseAllowance” transaction.

On 23 November there was a rug pull on the BNB chain where a “deployer” removed liquidity worth $1.7 million. Also, on 27 November, Inferno Drainer, a fraud service provider, announced that it was closing down. In that crypto scam incident the users lost crypto assets worth over $80 million.

Again, another rug pull occurred on the BNB chain on 30 November when the Fuding Token project closed down, disappearing with over $520,000. Further to this, there are other rug pull and phishing scams we have not listed here.

After discussing the above crypto crimes and the related crypto losses, it is clear that both DeFi projects and their users should put in place various measures to prevent similar cases in the future.

Cybersecurity Tips from Gate.io Experts

There is no question that some of the crypto fraud and crime incidents, we have discussed, would have been avoided through strong security measures. This is because most of the DeFi platforms that were compromised had flaws in their smart contracts.

Crypto Security Tips for Users

Crypto users should maintain vigilance when working online to avoid security traps that include phishing. Basically, phishing scammers aim to access the users’ personal details that include email addresses, private keys and seed phrases. They use different methods to get such data.

To prevent phishing the users should avoid opening links sent by people they do not know. It is also important to avoid replying to emails from unknown senders. In addition, never give people your PINs, 2FA codes and private keys, no matter what. That will protect your digital assets.

And never provide your important information to websites whose owners and purposes you are not conversant with. In the past, for Example, many users fell prey to fake airdrops thereby losing their digital assets.

Another important thing is to avoid using public Wi-Fi when making crypto transactions or when using electronic gadgets that have essential information like private keys and passwords. If you use a public Wi-Fi ensure to use VPN and never open pop-up windows.

One should always adhere to commonplace security measures like using strong passwords and regularly changing them. In addition, always update your applications and browsers as that entails improving your security measures. Similarly, it is very wise to store most of your digital assets in cold wallets.

Every investor should also know how to identify and stay safe from rugpulls. For Example, it is very vital to invest in reputable blockchain platforms like crypto exchanges. This is because most exchanges are diligent in vetting the cryptocurrencies they list.

Furthermore, if you are new to cryptocurrencies the best thing to do is to invest in established cryptocurrencies like Bitcoin and ETH. Again, some exchanges have their coins and tokens like BNB and Gate Coin which are more secure than the others. Trying to invest in newly launched cryptocurrencies may lead to much loss.

Conclusion

During 2023 November was the worst month in terms of crypto crimes like hacks, rug pulls and phishing scams. DeFi projects and crypto investors incurred more that $356 million in crypto losses as a result of security breaches and crypto frauds. DeFi projects can prevent such crimes through improving their crypto security measures.

Author: Mashell C., Gate.io Researcher

*This article represents only the views of the researcher and does not constitute any investment suggestions.

*Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all cases, legal action will be taken due to copyright infringement.