
November 2024 DeFi Security Audit: $69.7 Million Lost as Oracle Manipulation and Access Control Flaws Persist

November 2024 drew to a close with a sobering tally for decentralized finance security. Despite Bitcoin’s historic surge past $96,000 and Ethereum holding strong above $3,700, the DeFi ecosystem recorded $69.77 million in losses across 11 distinct security incidents. While this figure represents a dramatic improvement over November 2023’s staggering $400.7 million in losses, the patterns revealed by this month’s exploits demand renewed attention from protocol developers and investors navigating the current bull market.

The Threat Landscape

November’s security incidents were characterized by a tactical shift in attack methodologies. Unlike October’s concentrated barrage of high-profile breaches — where Radiant Capital lost $58 million and Essence Finance lost $20 million — November saw a more dispersed pattern of attacks targeting smaller protocols and newer platforms. This fragmentation suggests that attackers are diversifying their targets, moving away from heavily fortified major protocols toward less audited, emerging platforms that offer softer targets.

The month’s largest incident was the Thala Labs exploit on the Aptos blockchain, where a vulnerability in a v1 farming contract allowed an attacker to drain $25.5 million. The second-largest was the DEXX breach, which cost users approximately $13 million through compromised private keys. A rug pull by Gifto on Binance Smart Chain accounted for another $10 million in losses. These three incidents alone represented nearly 70% of the month’s total losses.

Core Principles

The November data reinforces several core security principles that every DeFi participant should internalize. Oracle manipulation attacks, responsible for $8.7 million in losses primarily through the Polter Finance exploit, remain a persistent threat. Protocols that read collateral prices from a single manipulable source, typically the spot reserves of one AMM pool, and that lack a deviation check against an independent reference (a time-weighted average or a second feed) can be made to mis-price collateral within a single transaction. Access control vulnerabilities accounted for $7.7 million across three incidents, indicating that privileged functions are still too often guarded by a single key rather than by a multi-signature wallet with a time-locked upgrade path.

Flash loan attacks, while contributing a relatively modest $420,000 this month, remain a concern because they remove the capital barrier: anyone who can write a contract can borrow a pool's worth of liquidity and repay it within the same transaction, so an attack needs only a flaw to exploit, not funds to finance it. The prevalence of rug pulls — particularly the $10 million Gifto incident on BSC — reminds investors that not all losses stem from sophisticated exploits. Sometimes the simplest attack is the most devastating: a team simply walking away with user funds.
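The two paragraphs above describe the same mechanism from both sides: a lender that trusts one pool's spot price, and a flash loan that lets an attacker move that price for free. The simulation below is an added example, not code from the article or from any protocol it names; the pool sizes, loan-to-value ratio, 5% deviation limit and the assumption that the reference price is honest are all constructed for illustration.

```python
"""Spot-price oracle manipulation funded by a flash loan, beside the
deviation check that defeats it.  Added illustration: the pool, lender,
prices and loan sizes are constructed and do not model Polter Finance or
any other protocol mentioned in the article."""

from dataclasses import dataclass
from typing import Optional, Tuple

UNIT = 10**18  # 18-decimal fixed point, as most ERC-20 tokens use


@dataclass
class Pool:
    """Uniswap-v2-style constant-product pool holding A (collateral) and B (stablecoin)."""
    reserve_a: int
    reserve_b: int

    def spot_price(self) -> int:
        """B per unit of A, 18-dec fixed point.  It is instantaneous, so one large
        swap in the same transaction moves it arbitrarily: that is the whole bug."""
        return self.reserve_b * UNIT // self.reserve_a

    def _swap(self, reserve_in: int, reserve_out: int, amount_in: int) -> Tuple[int, int, int]:
        k = reserve_in * reserve_out
        new_in = reserve_in + amount_in
        new_out = -(-k // new_in)                # ceiling division keeps reserve_in*reserve_out >= k
        return new_in, new_out, reserve_out - new_out

    def swap_b_for_a(self, amount_b: int) -> int:
        """Sell B into the pool and receive A (fee-free; a fee only makes the attack dearer)."""
        self.reserve_b, self.reserve_a, out = self._swap(self.reserve_b, self.reserve_a, amount_b)
        return out

    def swap_a_for_b(self, amount_a: int) -> int:
        self.reserve_a, self.reserve_b, out = self._swap(self.reserve_a, self.reserve_b, amount_a)
        return out


class SpotPriceLender:
    """Vulnerable: values collateral at whatever the pool says right now."""
    LTV_PERCENT = 75

    def __init__(self, pool: Pool, reference_price: int):
        self.pool = pool
        self.reference_price = reference_price   # ignored by the vulnerable lender

    def collateral_price(self) -> int:
        return self.pool.spot_price()

    def max_borrow(self, collateral_a: int) -> int:
        return collateral_a * self.collateral_price() // UNIT * self.LTV_PERCENT // 100


class DeviationCheckedLender(SpotPriceLender):
    """Hardened: fails closed when spot strays more than MAX_DEVIATION_BPS from an
    independent reference (a TWAP or second feed, assumed honest in this example)."""
    MAX_DEVIATION_BPS = 500  # 5 %

    def collateral_price(self) -> int:
        spot = self.pool.spot_price()
        deviation_bps = abs(spot - self.reference_price) * 10_000 // self.reference_price
        if deviation_bps > self.MAX_DEVIATION_BPS:
            raise RuntimeError(f"price deviation {deviation_bps} bps exceeds {self.MAX_DEVIATION_BPS}")
        return min(spot, self.reference_price)   # never value collateral above the reference


def run_attack(lender_cls) -> Tuple[int, Optional[int], int]:
    """One atomic transaction: flash-borrow B, pump A, borrow against A, unwind, repay.
    Returns (honest borrow limit, limit during manipulation or None if refused, net cost)."""
    pool = Pool(reserve_a=1_000 * UNIT, reserve_b=1_000_000 * UNIT)   # A fairly worth 1_000 B
    fair_price = pool.spot_price()
    lender = lender_cls(pool, fair_price)
    own_collateral = 10 * UNIT                     # attacker's 10 A, honestly worth 10_000 B
    honest_limit = lender.max_borrow(own_collateral)

    flash_loan = 9_000_000 * UNIT                  # no upfront capital required
    bought_a = pool.swap_b_for_a(flash_loan)       # reserves become 100 A / 10_000_000 B: spot x100
    try:
        inflated_limit = lender.max_borrow(own_collateral)
    except RuntimeError:
        inflated_limit = None                      # the hardened lender refused to price
    recovered_b = pool.swap_a_for_b(bought_a)      # unwind, then repay the flash loan
    return honest_limit, inflated_limit, flash_loan - recovered_b


if __name__ == "__main__":
    for cls in (SpotPriceLender, DeviationCheckedLender):
        honest, inflated, cost = run_attack(cls)
        shown = "refused" if inflated is None else f"{inflated // UNIT} B"
        print(f"{cls.__name__}: honest limit {honest // UNIT} B, "
              f"during manipulation {shown}, manipulation cost {cost // UNIT} B")
```

Against the spot-price lender the same 10 A backs a loan of 750,000 B instead of 7,500 B, and the manipulation costs the attacker nothing because the swap is unwound in the same transaction. Two caveats for anyone copying the hardened pattern: the reference itself must be hard to move (a TWAP over a thin pool can still be pushed across several blocks), and the check must revert rather than fall back to the spot price when the reference is stale or unavailable.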

Tooling and Setup

Protecting yourself in the current environment requires a layered security approach. Start with hardware wallets for storing significant holdings — never keep large amounts on exchanges or in hot wallets connected to DeFi platforms. Use dedicated browser profiles or wallets for DeFi interactions to minimize cross-contamination risks. Before depositing funds into any protocol, verify that it has undergone audits from reputable security firms such as CertiK, Trail of Bits, or OpenZeppelin, and check that the audited version is the one actually deployed: an audit that predates the latest upgrade says nothing about the code now holding your funds, and an audit is evidence of review, not a guarantee of safety.

Monitor your wallet activity using on-chain alert systems that notify you of unauthorized transactions in real time. Tools like Revoke.cash allow you to review and revoke token approvals across multiple chains, reducing your exposure in case a platform you’ve previously interacted with is compromised; unlimited approvals granted to contracts you no longer use are the first ones to revoke, since a compromised spender can drain the full balance of that token without any further signature from you. For protocol developers, implementing comprehensive access controls, multi-signature requirements for administrative functions, and circuit breakers that pause operations during anomalous activity are no longer optional — they are essential.
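The approval review described above comes down to replaying a wallet's ERC-20 Approval events and keeping the latest value per token and spender. The script below is an added example of that logic, not code from the article or from Revoke.cash; the wallet, token and contract addresses and the log entries are constructed placeholders, and the "untrusted spender" list is something the reader supplies (for example, a farm they stopped using or a contract reported as compromised). The event topic hash is the real keccak256 of the standard Approval signature.

```python
"""Reconstruct a wallet's outstanding ERC-20 approvals from Approval event
logs and flag the ones worth revoking.  Added illustration; the log entries
and every address below are constructed placeholders, not real deployments."""

from typing import Dict, List, Set, Tuple

MAX_UINT256 = 2**256 - 1
# keccak256("Approval(address,address,uint256)"): topics[0] of every ERC-20 Approval log
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

# Constructed addresses (placeholders)
OWNER = "0x" + "11" * 20
OTHER_WALLET = "0x" + "22" * 20
ROUTER = "0x" + "aa" * 20      # a DEX router the owner still uses
OLD_FARM = "0x" + "bb" * 20    # a farm the owner stopped using; assumed no longer trusted
USDC = "0x" + "c1" * 20
WETH = "0x" + "c2" * 20


def as_topic(address: str) -> str:
    """Indexed address parameters are stored left-padded to 32 bytes."""
    return "0x" + address[2:].lower().rjust(64, "0")


def as_word(value: int) -> str:
    return "0x" + f"{value:064x}"


def address_from_topic(topic: str) -> str:
    return "0x" + topic[-40:].lower()


def approval_log(block: int, index: int, token: str, owner: str, spender: str, value: int) -> dict:
    """Shape of one eth_getLogs entry for an Approval event (constructed here)."""
    return {"blockNumber": block, "logIndex": index, "address": token,
            "topics": [APPROVAL_TOPIC, as_topic(owner), as_topic(spender)], "data": as_word(value)}


# Constructed history, deliberately out of chain order to show that the sort matters
LOGS = [
    approval_log(150, 7, USDC, OWNER, ROUTER, 5_000 * 10**6),      # tightened to 5,000 USDC
    approval_log(100, 3, USDC, OWNER, ROUTER, MAX_UINT256),        # earlier unlimited approval
    approval_log(120, 0, WETH, OWNER, OLD_FARM, MAX_UINT256),      # unlimited, never revoked
    approval_log(130, 4, WETH, OWNER, ROUTER, 2 * 10**18),
    approval_log(160, 1, WETH, OWNER, ROUTER, 0),                  # revoked
    approval_log(90, 2, USDC, OTHER_WALLET, OLD_FARM, MAX_UINT256),  # someone else's wallet
]


def current_allowances(logs: List[dict], owner: str) -> Dict[Tuple[str, str], int]:
    """Replay Approval logs in chain order; the last value per (token, spender) wins,
    and zeroed allowances are dropped."""
    latest: Dict[Tuple[str, str], int] = {}
    for log in sorted(logs, key=lambda entry: (entry["blockNumber"], entry["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0] != APPROVAL_TOPIC:
            continue
        if address_from_topic(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), address_from_topic(topics[2]))
        latest[key] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}


def flag_risky(allowances: Dict[Tuple[str, str], int], untrusted: Set[str]) -> List[dict]:
    """Unlimited approvals, and any approval to an untrusted spender, are revoke candidates."""
    untrusted_lower = {a.lower() for a in untrusted}
    findings = []
    for (token, spender), value in allowances.items():
        reasons = []
        if value == MAX_UINT256:
            reasons.append("unlimited")
        if spender in untrusted_lower:
            reasons.append("spender no longer trusted")
        if reasons:
            findings.append({"token": token, "spender": spender, "value": value, "reasons": reasons})
    return findings


if __name__ == "__main__":
    live = current_allowances(LOGS, OWNER)
    for finding in flag_risky(live, {OLD_FARM}):
        print(finding)
```

Event replay gives an upper bound, not the exact figure: transferFrom draws an allowance down without necessarily emitting a new Approval, and approvals made through EIP-2612 permit or Permit2 are recorded differently. Confirm a finding with the token's allowance(owner, spender) view call before acting, and revoke by calling approve(spender, 0) from the owner wallet.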

Ongoing Vigilance

One encouraging trend from November was the improvement in fund recovery. Approximately $25 million in stolen funds were recovered, a dramatic improvement over the mere $264,000 recovered in November 2023. The Thala Labs recovery demonstrated how blockchain-specific features — in this case, properties of the Move programming language — can enable rapid response to exploits. However, recovery should never be relied upon as a security strategy. Prevention remains far more effective than cure.

The distribution of November’s incidents across chains is also noteworthy. Binance Smart Chain experienced the highest number of individual incidents with three separate attacks totaling over $12.4 million. Ethereum and Solana collectively accounted for $17 million in losses across two incidents. The Aptos blockchain saw the single largest loss at $25.5 million from the Thala Labs exploit, while Fantom, Arbitrum, and Avalanche also recorded incidents.

Final Takeaway

As the crypto market enters what many analysts believe could be an extended bull run, the temptation to chase yields across unfamiliar protocols will only intensify. November’s $69.77 million in losses, while lower than previous months, demonstrates that attackers are adapting their strategies rather than giving up. The shift toward targeting newer, less audited platforms means that investors must exercise even greater caution when exploring emerging ecosystems. With the total crypto market capitalization near record levels and Bitcoin trading at $96,449, the financial incentives for attackers have never been higher. Security is not a feature — it is a prerequisite for sustainable participation in DeFi.

This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before engaging with any DeFi protocol.


10 thoughts on “November 2024 DeFi Security Audit: $69.7 Million Lost as Oracle Manipulation and Access Control Flaws Persist”

  1. $69.7M lost across 11 incidents is actually an improvement over Nov 2023's $400M. Progress, but still way too much for a maturing industry.

    1. Nov 2023 was $400M and Nov 2024 was $70M. Improvement, but that's still 11 protocols that got hit. The bar should be zero, not less terrible.

  2. Attackers targeting smaller protocols is a smart strategy. Under $10M each means no FBI interest and limited media coverage. They fly under the radar.

  3. Attackers moving to smaller protocols makes sense. The big ones have been audited to death; the new ones are soft targets with less scrutiny.

    1. Thala Labs on Aptos losing the most this month shows it's not just EVM chains with issues. Move-language chains have their own bugs.

    2. Diego is right about smaller protocols being soft targets. The $69.7M spread across 11 incidents means most were under $10M each. Not enough for headlines, but devastating for those communities.

  4. Oracle manipulation and access control flaws are the same attack vectors from 2021. How are teams still getting this wrong?

    1. Min Jun asking how teams still get oracle manipulation wrong in 2024 is the real question. It's a solved problem; OpenZeppelin literally has patterns for this. No excuse.

      1. bug bounty is right. OpenZeppelin has had oracle manipulation prevention patterns documented for years. Teams just skip the audit to save $20k.
