Crypto Hacks in November: Another Nightmare Month Despite Regulatory Clean Up

Key Takeaways

• November has been the highest month for crypto exploits this year.
• Until this month, September and July were the most hazardous months.
• The biggest single exploit this month was the Poloniex exchange, resulting in $126 million stolen.

November 2023 has proven to be a perilous month for the crypto world. According to a new report from blockchain security firm Immunefi, an alarming $343 million was lost last month alone due to what they categorize as “hacks and fraud.”

This represents a staggering 15-fold increase over the previous month’s registered losses of $22 million—and marks the highest monthly tally yet seen this year.

The poor news comes as crypto endured one of the most dramatic months in its history, with colossal regulatory clampdowns, and Changpeng “CZ” Zhao was forced out of the CEO role at Binance after admitting to serious wrongdoing in the U.S.

98% of November’s Losses Stemmed From Hacks

Immunefi classifies crypto losses into two primary buckets: hacks and fraud. The former refers to exploits that arise from vulnerabilities in the technical infrastructure, such as security holes in smart contracts. The latter encompasses outright scams and “rug pulls,” where dubious projects trick investors into depositing funds only to disappear shortly thereafter along with the cash.

An astonishing 98% of November’s losses stemmed from hacks rather than scams, per the report’s breakdown. And over half occurred in the CeFi (centralized finance) realm rather than DeFi (decentralized finance), indicating that even crypto intermediaries with custodial authority over assets remain vulnerable. Still, BNB Chain and Ethereum were the most frequently targeted blockchain networks, together accounting for 83% of losses across chains.

In total, Immunefi tallies nearly $1.8 billion lost to hacks and fraud this year across almost 300 incidents. That’s no small chunk of change. According to the report, the November losses of $343 million marked the highest monthly tally witnessed so far in 2023. September and July were previously the worst months, with over $340 million and $320 million lost respectively.

Drilling down, the report shows that the largest individual crypto loss event in November stemmed from an exploit of the Poloniex exchange, resulting in $126 million stolen. Other major losses came from breaches at HTX Exchange ($85 million taken) and blockchain startup Kronos Research ($48 million).

Security Should Be An Industry Priority

But why were hacks so dominant compared to frauds this month? “Most current users are familiar with the space; they do more research and are more conscious of the risks of interacting with smart contracts,” Jonah Michaels, Comms Lead at Immunefi, told CCN. “The frauds of this month are almost all related to scams or fake tokens that were trying to impersonate an actual token using the same symbol, which significantly reduces the possible affected users.”

“On the other hand, trusted protocols hold massive amounts of funds from users and companies. We can see how each of the top 5 hacks of this month surpasses all the frauds combined by far; that’s why security should be the top priority for the industry.” 

“We can avoid many fraudulent projects by doing basic due diligence,” advised Brian Pak, CEO and co-founder of Chainlight , a blockchain and smart contract security firm, speaking to CCN. 

“But even legitimate and hard-working project teams fall victim to a hack. Moreover, evaluating the security of a protocol is much harder for non-technical investors, and off-chain parts, such as the operational security of a team, are almost impossible to measure due to a lack of information, even for experts.”