$132M Stolen Through Crypto Crimes — Top 5 Crypto Hacks of November 2024
In November 2024, $132 million was stolen through various crypto crimes, with hacks alone accounting for over $99 million. Of this, $25.2 million was returned through a white-washed bug bounty, leaving the net loss from hacks at almost $74 million.
Crypto scams resulted in $32 million in losses, while the WonderFi CEO was kidnapped and forced to pay a $1 million ransom. This incident adds to a worrying trend of direct crimes targeting individuals to steal their crypto funds this year.
Here is a breakdown of the top 5 hacking exploits of the month!
Top 5 Crypto Hacks November 2024 — Nefture
🚨THALA LABS— $25,5 Million Lost & Found
On November 15th, 2024, DeFi protocol Thala Labs suffered a $25.5 million exploit due to a vulnerability introduced in a recent update to their v1 farming contract.
The vulnerability allowed the attacker to exploit a failure in validating withdrawal requests, enabling them to withdraw more tokens than they had staked. By adding liquidity, unstaking tokens, and falsely appearing to have a stake, the attacker drained approximately $25.5 million from the project by swapping the stolen tokens for lzUSDC.
Unfortunately for the hacker, they left enough traces for law enforcement and crypto sleuths, including SealOne and Ogle, to quickly identify the exploiter. After negotiations, the unidentified hacker accepted a $300,000 bug bounty and returned the rest of the funds to the team.
🚨DEXX— $30 Million Lost By Users
On November 16th, 2024, the memecoin trading platform DEXX fell victim to an exploit, resulting in the unauthorized transfer of more than $30 million from its users through private key exploits.
The attack targeted DEXX’s centralized custody model for storing users’ private keys, creating a single point of failure that the attacker exploited.
While most victims lost less than $10,000, one individual suffered a significant loss exceeding $1 million. SlowMist also reported that over 8,600 Solana wallets were linked to the DEXX hacker.
🚨GIFTO — Hack or Mint-and-Dump?
Hours after Binance announced it would delist the GFT/USDT trading pair on December 10th, 2024, the Gifto team allegedly minted 1.2 billion GFT tokens within an eight-hour window, depositing them into exchanges.
This action caused the GFT market price to plummet by 40%, resulting in over $13.5 million in gain for the team.
After blockchain sleuths raised alarms, the Gifto team took to Twitter to declare “a critical security incident involving the GFT contract.” While they claimed the GFT token contract had been compromised, suspicions remain that they may really be the ones behind the mint-and-dump.
🚨POLTER FINANCE — Copy-pasting code, praying and getting hacked
On November 17th, Fantom-based Polter Finance DeFi was exploited for $12 million through an oracle manipulation attack caused by a faulty oracle price.
Using flash loan, the attacker drained Polter’s liquidity pools, siphoning the entire $12 million worth of tokens on the platform. It’s important to note that Polter Finance deemed security audits unnecessary after copy-pasting an audited Geist code to operate their protocol.
Source: Polter Finance
🚨DELTA PRIME — Twice stolen, third time warned?
DeltaPrime was hacked for $4.8 million due to a critical flaw in the periphery adapter contract.
The attacker, using a flash loan, exploited a smart contract vulnerability, resulting in the theft of $753K on Arbitrum, then moved to Avalanche, stealing an additional $4.1M. This hack follows DeltaPrime’s $6 million private key exploit in September 2024.
In both cases, PeckShield’s audits had specifically flagged the vulnerabilities that were exploited, but DeltaPrime chose not to update their code, leaving those glaring vulnerabilities open for attack.
About us
Nefture is a Web3 real-time security and risk prevention platform that detects on-chain vulnerabilities and protects digital assets, protocols and asset managers from significant losses or threats.Nefture core services includes Real-Time Transaction Security and a Threat Monitoring Platform that provides accurate exploits detections and fully customized alerts covering hundreds of risk types with a clear expertise in DeFi.Today, Nefture proudly collaborates with leading projects and asset managers, providing them with unparalleled security solutions.Book a demo🤝
$132M Stolen Through Crypto Crimes — Top 5 Crypto Hacks of November 2024 was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.