Almost $4 billion lost in November: DeFi Rekt Stories

Just when we thought we were finally done with October, which was another month with over a billion dollars in losses, November came with even more surprises.

This was made apparent with the FTX collapse and more recently with the Genesis cryptocurrency trading platform, which has almost $3 billion in outstanding loans. As a consequence, losses incurred in November 2022 were considerably higher than in October.

As with last month, we have observed a massive year-on-year increase in funds lost: November of the previous year saw nearly $100 million worth of losses, compared to nearly $4 billion this November.

In total, with the number of high profile losses such as Terra Luna and FTX, the total losses this year have amounted to $47b, compared to ‘just’ $8b in 2021.

However, this was driven by two major cases as a result of the failures of centralized entities, rather than native DeFi applications. With that said, let’s take a brief look at the top 5 cases this month.

Note: Looking for all-time data on crypto exploits? Check out our industry-leading REKT database for crypto hack & scam info.

1. Genesis — $2.8b Lost (CeFi, November 21)

Genesis, a cryptocurrency platform for derivatives, trading, and lending, has approximately $2.8 billion in outstanding loans on its balance sheet. Also, the company has not yet filed for bankruptcy. On November 10, the firm revealed that it had around $175 million worth of funds locked within an FTX trading account.

Then, on November 16, Genesis halted withdrawals on its platform because of what it called “unprecedented market turmoil” following the FTX collapse. Afterwards, on November 22, a spokesperson for the platform stated that they were looking to address the issue without declaring bankruptcy.

2. FTX Group — $1b Lost (CeFi, November 11)

Sam Bankman-Fried stated that both of his companies, the FTX cryptocurrency exchange and the Alameda Research trading firm, have filed for bankruptcy. Not only that, but over 130 other affiliated firms are bankrupt as well. The total funds lost are worth around 1 to 2 billion dollars.

The incident began with some research that showed that the collateral of Alameda Research was largely filled with FTX’s native token, FTT. To elaborate more on the nature of its collateral, Alameda’s assets were worth around $14,600,000,000 in total, of which $3,660,000,000 were free FTT tokens and $2,160,000,000 were “FTT collateral.” Furthermore, there were large amounts of SOL and SRM tokens as well, since Mr. Bankman-Fried was one of the early investors in the Solana chain and he was also the co-founder of the Serum Exchange.

The research that initially hinted at insolvency then ignited a panic-filled bank run on FTX, where users immediately started withdrawing millions of dollars’ worth of funds from the exchange.

As a result, the FTT token’s value fell by over 95% within 24 hours. Even SOL was affected by this unfortunate incident and also by the recent activity that took place on-chain, where $49,000,000 worth of SOL was withdrawn from the staking pool. This led to the inevitable drop of approximately 60% in its price.

Following that, the FTX Exchange then stopped its withdrawals and filed for bankruptcy. Since FTX used to be a major player within the cryptocurrency sector, other similar projects that were reliant on the exchange started reporting significant losses one at a time.

The event sparked a series of exchanges seeking to reassure customers by releasing their ‘Proof of Reserves’. It is important to note that many of these proofs of reserves do not account for the size of the liabilities that the exchange owes to its clients.

Furthermore, it should also be noted that a bank run should in theory not be possible if an exchange holds client assets on a 1-to-1 basis.
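The point above, that a proof of reserves says little without the matching liabilities, can be made concrete with a Merkle sum tree, a known technique for committing to customer balances so that each customer can check they were counted. This is an added example, not from the original article or any exchange's implementation; the account names, balances and function names are constructed for illustration.

```python
import hashlib

def leaf(user_id, balance):
    """Leaf = (hash, balance); the hash commits to the account and its balance."""
    return (hashlib.sha256(f"leaf|{user_id}|{balance}".encode()).digest(), balance)

def parent(left, right):
    """Inner node: sum of child balances, hash bound to both children and both sums."""
    if left[1] < 0 or right[1] < 0:
        raise ValueError("a negative balance would hide liabilities")
    data = left[0] + right[0] + f"|{left[1]}|{right[1]}".encode()
    return (hashlib.sha256(data).digest(), left[1] + right[1])

def build(leaves):
    """Return every level, leaves first; odd levels are padded with a zero leaf."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append(leaf("padding", 0))
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Inclusion proof for one leaf: (sibling node, sibling_is_left) per level."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        proof.append((level[sib], sib < index))
        index //= 2
    return proof

def verify(user_id, balance, proof, root):
    """Customer-side check that their balance is counted in the published root."""
    node = leaf(user_id, balance)
    try:
        for sibling, sibling_is_left in proof:
            node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    except ValueError:
        return False
    return node == root

def solvent(reserves, root):
    """Reserves only mean something when compared with total liabilities."""
    return reserves >= root[1]
# Constructed sample ledger (not real data): (account, balance owed)
LEDGER = [("alice", 40), ("bob", 25), ("carol", 35)]
LEVELS = build([leaf(u, b) for u, b in LEDGER])
ROOT = LEVELS[-1][0]
```

If an exchange publishes a root that leaves an account out, that customer's inclusion proof no longer verifies, which is what lets clients detect understated liabilities.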

3. Deribit Exchange — $28.3m Lost (Access Control, November 1)

The Deribit Exchange was exploited through an access control failure. The private keys of the hot wallet were compromised, which led to a loss worth around $28,000,000.

The exchange serves as a platform for cryptocurrency derivatives. The private keys of its hot wallet were compromised on both the Bitcoin and Ethereum chains. The total loss of funds amounted to 691 BTC and 9,111 ETH, together worth more than $28 million at this moment. The cold addresses and client assets weren’t affected, and fortunately, on its official Twitter account, the firm stated that the lost funds will be paid.

Block Data Reference

Attacker addresses:

https://etherscan.io/address/0xb0606f433496bf66338b8ad6b6d51fc4d84a44cd

https://etherscan.io/address/0x8d08aad4b2bac2bb761ac4781cf62468c9ec47b4

https://blockchair.com/bitcoin/address/bc1qw5g8lw4kzltpdcraehy2dt6dqda8080xd6vhl4kg4wwsypwerg9s3x6pvk

Transfer transactions:

https://blockchair.com/bitcoin/transaction/6ff66fd113afeb88f6d47e3c0a91b00c9f73c55b0366ca47fc217e8f2c1e0e61

https://etherscan.io/tx/0xdd608c8c4e8d8529967955d89f9e71842e80c3c84d592c72054f68090a5a102c

https://etherscan.io/tx/0xf3a14bfddc65725b4a345e0bafa84afd328de1b9487339157a0f24c9085b66f2

4. Pando — $18.5m Lost (Access Control, November 5)

Based on MTG technology, Pando is a decentralized network that was recently compromised.

This allowed the hacker to grab 11,107,488 worth of stablecoins and 5128 ETH from the Ethereum chain, while from the Bitcoin chain, he managed to steal 83.5 BTC. It looks like the hacker exploited the wallets’ private keys, since the funds were moved out through simple direct transfers. At the moment, the stolen funds are located at the original addresses of the attacker.

Block Data Reference

Attacker addresses:

https://etherscan.io/address/0xd3f04cE2d37b182432e2f804F9913a02071CEa54

https://www.blockchain.com/btc/address/bc1qjnsx0sdxksh4w2azwu5ngr8sax46vcu52ljfcx

5. DFX Finance — $7.65m Lost (Flash Loan, November 10)

DFX Finance, a trading protocol, was exploited because of a flash loan vulnerability. The attacker drained $4,445,279 worth of various tokens and sent 2692 ETH via Tornado Cash.

$545,312 worth of CADC remains at the hacker’s address, while $135,265 worth of TRYb remains at the contract that was utilized for the attack. The attacker took advantage of an existing smart contract flaw that allows the balance check following a flash loan to pass and grants an actor permission for tokens.

During the token transfers, an MEV bot was able to frontrun the attacker for an extra $3,200,000 worth of USDC, CADC, GYEN, and NZDS tokens. Following that, the team behind DFX has started what it calls a “multi-phase recovery plan.” The initiative has already offered 2,000,000 DFX tokens that, at the moment, are valued at $204,800 to help the liquidity pools that were affected as a result.

Block Data Reference

Attacker address:

https://etherscan.io/address/0x14c19962e4a899f29b3dd9ff52ebfb5e4cb9a067

Malicious contract:

https://etherscan.io/address/0x6cfa86a352339e766ff1ca119c8c40824f41f22d

MEV bot:

https://etherscan.io/address/0xfde0d1575ed8e06fbf36256bcdfa1f359281455a

Malicious transactions list:

https://etherscan.io/txs?a=0x6cfa86a352339e766ff1ca119c8c40824f41f22d

CeFi vs DeFi Narrative

As can be seen from the scale of the losses in November, a large majority of losses were in interconnected centralized finance platforms. This amounted to over $3.8b lost, as opposed to $54m on Ethereum and $12.5m on BNB Chain.

The biggest type of exploit in November was, naturally, the exit scam, with FTX being the prime suspect, and contagion effects still playing out.

One can think of the FTX saga as an ‘exit scam’ in the sense that client funds were siphoned from the platform to prop up a failing hedge fund, Alameda Research. As a consequence, FTX lacked the required reserves for clients to withdraw their funds in full. The recovery of these funds by clients was then further delayed by the voluntary Chapter 11 filing by FTX, the suspension of all withdrawals and a ‘hack’ that drained the remaining assets held by FTX.

The runner-up is the access control exploit, with $47m lost. Worryingly, this suggests that industry actors are still having trouble keeping their private keys safe from attacks.

  • Funds Recovered

If we exclude the black swan events in CeFi, however, we are actually seeing lower losses year on year in November 2022, as compared to the same period in 2021, at $71.5m vs $94.7m in 2021.

What’s more, whereas no funds lost were actually recovered in November 2021, about $200,000 was recovered this November, continuing the trend of recoveries becoming more likely over time.

  • Types of Exploit

In terms of sheer frequency, rug pulls remain the most common type of exploit — while they tend to be much smaller in value lost per attack, they are also the lowest hanging fruit for DeFi projects to make a cash grab. A total of 9 rug pulls happened this month — or a rug pull every 3 to 4 days on average!

  • Attack Vectors

In terms of attack vectors, tokens remain the most common type of target, underscoring the importance of doing your own due diligence when aping into the latest small-cap DeFi token.

DEXes also proved to be a popular target this month — which is unsurprising, given the large amount of liquidity usually locked on these protocols. That being said, the magnitude of these aforementioned attacks paled in comparison to the CeFi catastrophes of the past couple of weeks.

  • Funds Lost by Chain

As in the previous month, BNB Chain unfortunately continues to be a rug pull hotspot, with the highest frequency of funds being lost in November 2022 at 12 cases. It is followed by Ethereum in second place at 5 cases, and then by centralized exchanges at 2 cases.

Conclusion

As unfortunate as it is, the DeFi space has never been more risky. Because of this, we have to make it our responsibility to keep stepping up our game when it comes to investing within the DeFi sector and staying alert to any potential threats. Hence, education is vital, which is something that we at De.Fi have you covered on. Get started with our web3 wallet tracker today and check out our resources for staying on top of the industry to protect your crypto bull run gains!
