December 1st, 2022
October 2022 was one of the biggest months in the history of DeFi hacks. After that, November 2022 was relatively quiet in terms of hacked DeFi projects.
However, that isn’t to say that nothing happened in November 2022. This month, FTX, the third-largest cryptocurrency exchange, announced bankruptcy and experienced a follow-on hack. In addition to these, there were a few other notable hacks in November 2022.
The majority of DeFi hacks performed in November 2022 were for relatively small amounts as DeFi hacks go. However, a few incidents stood out from the crowd:
Most of the FTX headlines from November 2022 focused on the company’s bankruptcy declaration. Poor internal auditing and mismanagement of customer funds led to low liquidity and a bank run on the cryptocurrency exchange. As a result, the company declared bankruptcy, leading to further revelations.
In the midst of this bankruptcy declaration, FTX also lost approximately $338 million in tokens to an attacker. The chaos around the company’s bankruptcy declaration and the resultant move of tokens to cold wallets for storage made details difficult to determine and resulted in claims of an insider threat and malware being deployed in FTX apps.
In November 2022, Skyward Finance made history as the first NEAR-based DeFi project on the Rekt leaderboard of the biggest DeFi hacks. The attacker exploited vulnerabilities in the project’s token redemption code to perform multiple redemptions and withdrawals for the same Skyward tokens. In total, the attacker drained $3.2 million from the project.
DFX is a decentralized cryptocurrency exchange that specializes in stablecoins. In November 2022, two attackers, including a frontrunning bot, stole $7.5 million in total from the project.
This attack was enabled by reentrancy vulnerabilities in the project’s flashloan functionality. The attacker took out loans from the contract and redeposited those loans. The contract mistakenly recorded that the loan was repaid and also that the attacker had made a deposit, allowing them to withdraw that deposit for a profit.
Like many DeFi hacks, most of the hacks that occurred in November 2022 were entirely preventable. Unaudited projects containing common vulnerabilities — such as poor input validation and reentrancy — are the main targets of successful DeFi attacks
A security audit before deployment can help to find these vulnerabilities and save a DeFi project and its users millions. To find out more, reach out to our DeFi security experts at email@example.com.