In November 2023, the cryptocurrency industry faced what CertiK, a blockchain security firm, labeled as its most "devastating" month yet for theft, scams, and exploits, with criminals accounting for a staggering $363 million in losses. The firm outlined that exploits alone led to losses of approximately $316.4 million, flash loans caused $45.5 million in losses, and various exit scams resulted in a $1.1 million loss. Notably, Poloniex and HTX/Heco Bridge saw the largest breaches, incurring losses of $131.4 million and $113.3 million, respectively.
Among the significant breaches, a phishing attack targeting an individual victim led to a substantial loss of $27 million. The KyberSwap attack, accounting for approximately $45 million, constituted nearly all the damage incurred from flash loan attacks throughout the month.
This November's cumulative losses have already surpassed the all-time record set in September, driven primarily by the $200 million Mixin cyberattack. As of November's end, exploits, exit scams, and flash loan attacks have resulted in approximately $1.7 billion in losses in 2023, constituting 54% of the cryptocurrency consumption compared to 2022's $3.7 billion and 2021's $1.7 billion losses, as reported by CertiK.
Ronghui Gu, a CertiK founder, cautioned that relying solely on standard smart contract audits is insufficient. He highlighted the evolving methods used by thieves to exploit vulnerabilities, pointing to recent examples like SIM swapping and multi-signature vulnerabilities as among the latest security traps.
Christian Seifert, a researcher at Forta Network, expressed concern that such vulnerabilities are impeding broader adoption. He likened the impact of these vulnerabilities to losing all savings in a bank robbery, emphasizing the deterrent effect on potential users.
Jerry Peng, a research analyst at 0xScope, noted that these incidents have had a chilling effect on those interested in exploring the Web3 space, suggesting that these events have "scared away" potential participants.
