The cryptocurrency industry suffered another blow in November, according to new data from blockchain security firm CertiK. Platforms and users lost an estimated $127 million to security breaches, contract exploits, and fraud.
The numbers, published in the company’s monthly threat report on X, also show that the actual total amount affected by exploits was more than $172 million. That figure came down because approximately $45 million in stolen funds has been frozen or recovered.
Balancer exploit accounts for the majority of losses
According to CertiK’s analysis, this month’s headline event was an exploit of the liquidity protocol Balancer, which accounted for more than $113 million in total losses. The attackers allegedly exploited a vulnerability within Balancer’s pooling mechanism, which affected many Ethereum-linked protocols and Layer 2 platforms.
One of them was Berachain’s exchange BEX, which lost more than $12 million to the exploit. However, the platform announced that it was able to recover the stolen funds, increasing the total amount of recovered or frozen funds to $45 million.
South Korean exchange Upbit also suffered a major hack, resulting in a loss of nearly $37 million towards the end of the month. The hack is said to bear the signature of the Lazarus Group, a hacker group linked to North Korea.
Beets and Gana Payment were also among the worst-hit platforms in November, with losses of more than $3.8 million and $3.1 million, respectively. Although these incidents were individually small, they reflected a combination of operational flaws and user-targeted threats, and they added to the total for the month.
DeFi remains the weakest link
CertiK’s root cause breakdown shows a familiar theme. However, successful phishing attacks appeared to have decreased in November compared to the previous four months, ranking third in the Incident Loss by Category section.
Losses from phishing incidents in November totaled more than $5.8 million, a significant decrease from the $28 million loss recorded in October.
Code vulnerabilities were the primary cause of November’s exploits and the single largest category, resulting in more than $130 million in total losses. Wallet breaches involving stolen credentials and malware followed, with approximately $33 million in losses.
Other sources of exploitation incidents included price manipulation attacks and front-end compromises.
According to CertiK, the number of incidents recorded this month reached 53.
By incident type, DeFi emerged as the most affected category. In October, bridges were the most affected category by far, with DeFi coming in a distant second. However, the fortunes changed in November, when DeFi platforms suffered the most exploits, recording losses of over $134 million.
Exchanges were in second place, recording losses of more than $29 million due to exploits. Bridges, Memes, and AI Platforms were a distant third, fourth, and fifth, respectively.
Industry reaction and familiar faces
November’s numbers add to the pressure on exchanges, auditors, security platforms and regulators to curb losses from exploits. Although blockchain analytics companies are making progress in freezing stolen assets, as reflected in the $45 million recovered in the same month, much of the industry’s security apparatus remains reactive.
Recovery efforts will largely depend on the speed with which exchanges can identify fraudulent flows and coordinate with law enforcement and other security platforms, and on whether attackers use traceable infrastructure.
North Korea-linked hackers were still involved in several major hacking incidents this month, and reports from major generative AI platforms, including Google Gemini and Anthropic’s Claude, show that these hackers are now deploying AI technology or leveraging it to get better at exploiting platforms.