DeFi Vulnerabilities and Losses in November 2023

In November 2023, the DeFi sector faced notable setbacks, experiencing a total loss of $331,935,737. While this figure reflects a decrease from the previous year's staggering $3.87 billion losses, it underscores persistent vulnerabilities within the DeFi ecosystem. This article delves into the incidents, examining key trends, and mapping the distribution of losses across various chains and exploit types.

Comparative Analysis

Comparing November 2023 to 2022, the losses decreased, with a recovery rate of $264,000 despite a lower total loss. In 2022, the industry suffered massive losses, including FTX's bankruptcy, affecting Genesis, BlockFi, among others.

Breakdown by Chain

Ethereum bore the brunt with 18 incidents, resulting in $283,444,335 in losses, followed by the BNB Chain with twenty incidents totaling $2,898,974. Other chains, including Arbitrum and Base, also encountered attacks, indicating vulnerabilities across different platforms.

Common Exploits

The DeFi landscape witnessed various exploit types:

1. Access Control Vulnerabilities: Six incidents led to losses of $275,259,718, emphasizing the urgent need for stricter access controls and thorough security audits.
2. Rugpulls: Twenty-four instances resulted in a loss of $3,861,130, highlighting risks in newer or less vetted projects and the necessity for due diligence.
3. Phishing and Flash Loan Attacks: A phishing incident caused a loss of $768,000, while five flash loan attacks resulted in losses totaling $48,959,554, emphasizing the risks in DeFi tools.

Key Attack Vectors

• Centralized Exchanges (CEX): Two major incidents caused a loss of $144,836,335, highlighting vulnerabilities in traditional crypto markets.
• DEX Exploits: Two severe incidents led to a loss of $46,725,428, emphasizing the risks around smart contract security.
• Borrowing and Lending Protocols: Two separate attacks resulted in a total loss of $2,515,830, indicating ongoing vulnerabilities within lending protocols.
• Stablecoins, Tokens, and Yield Aggregators: Multiple breaches occurred, highlighting the importance of vetting tokens and assessing risks before investment.

Top 10 Exploits of November 2023

1. Poloniex Exchange Access Control Exploit - $123m
   • Attacker Address
2. Heco Bridge Access Control Exploit - $86m
   • Malicious Transactions
3. KyberSwap Flashloan Exploit - $45m
   • Attacker
   • Malicious Transaction
   • On-chain Message

The losses in November 2023 highlight persistent challenges in DeFi. Despite some recovery efforts compared to the previous year, these losses underscore the need for heightened security measures and investor caution. Maintaining vigilance and prioritizing security remain essential for the DeFi industry to mitigate risks and build investor trust.