Upbit’s $29.8 million hack, allegedly linked to North Korea’s Lazarus Group, was the month’s second-largest incident.
The crypto industry suffered another bruising month in November, with security breaches, contract exploits, and scams collectively stripping platforms and users of an estimated $127 million, according to new data from blockchain security firm CertiK.
The figure, published in the company’s monthly threat report, which was posted on X, also showed that the actual total affected by exploits was over $172 million. However, that figure reduced after about $45 million in stolen funds was frozen or recovered.
Balancer breach dominates losses
The month’s headline incident was the exploit of liquidity protocol Balancer, which accounted for more than $113 million of the total losses, according to CertiK’s analysis. The attackers allegedly took advantage of vulnerabilities within Balancer’s pool mechanics, and this affected many Ethereum-linked protocols and Layer 2 platforms.
One of them was Berachain’s exchange BEX, which lost over $12 million to exploits. However, the platform announced that it was able to recover the stolen funds, adding to the total $45 million of recovered or frozen funds.
South Korean exchange Upbit also suffered a major hack, losing close to $37 million around the end of the month. The hack is said to have the signature of Lazarus Group, the North Korea-affiliated hacking group.
Beets and Gana Payment were other platforms that suffered the worst exploits in the month of November, losing over $3.8 million and $3.1 million, respectively. While these incidents were individually smaller, they reflected a mix of operational shortcomings and user-targeted threats, adding to the month’s overall tally.
DeFi remains the weakest link
CertiK’s breakdown of root causes points to familiar themes; however, successful phishing attacks seem to have reduced in November compared to the previous four months, and it ranked third under the incident losses by category section.
Phishing incidents accounted for over $5.8 million in losses in November, which is a major reduction from the $28 million loss that was recorded in October.
The leading cause of exploits for the month of November was code vulnerabilities, and it represented the single largest category, contributing more than $130 million to total losses. It was followed by wallet compromises, often involving credential theft or malware, which accounted for losses of around $33 million.
Other causes of exploit incidents were price-manipulation attacks and front-end compromises.
The number of recorded incidents this month came to 53, according to Certik.
Under the incident by type, DeFi emerged as the most affected category. In October, bridges were the most affected category by far, with DeFi coming a distant second. However, the fortunes have turned, with DeFi platforms suffering the most exploits in November, with a recorded loss of over $134 million.
Exchanges came second, having recorded over $29 million in losses due to exploits. Bridges, memes, and AI platforms came a distant third, fourth, and fifth, respectively.
Industry response and familiar faces
November’s numbers add to the mounting pressure on exchanges, auditors, security platforms, and regulators to curb exploit-driven losses. While blockchain analysis firms have made progress in freezing stolen assets, as reflected in the $45 million recovered during the month, much of the industry’s security apparatus remains reactive.
Recovery efforts depend heavily on the speed with which exchanges can identify illicit flows and coordinate with law enforcement and other security platforms, and on the condition that the attackers use traceable infrastructure.
North Korean-linked hackers were still linked to some of the major hacking incidents this month, and reports from leading generative AI platforms like Google’s Gemini and Anthropic’s Claude show that these hackers are now deploying AI technology or leveraging it to get better at exploiting platforms.
Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.
