DeFi hacks in November saw attackers drain $127 million across 53 incidents, with the Balancer breach alone accounting for $113 million in losses. Code flaws drove more than $130 million in damages as DeFi platforms absorbed the worst of the impact, while Yearn Finance’s yETH exploit and Upbit’s $37 million breach—linked to North Korea’s Lazarus Group—underscored the rising sophistication of crypto security threats.
Key Insights
- November saw $127M in confirmed losses across exploits and scams.
- The biggest hack of the month was the Balancer incident, which lost more than $113 million.
- DeFi platforms faced the largest share of attacks overall.
DeFi hacks in November reveal a dramatic rise in losses for users and platforms across the crypto sector, with attacks draining $127 million from exchanges, DeFi platforms, and wallets. As per CertiK, more than $172 million was exposed before teams managed to freeze or recover about $45 million, leaving $127 million in confirmed losses.
Defi Hacks: Major Losses Led by Balancer
The DeFi hacks in November were dominated by the Balancer incident, where attackers targeted flaws in Balancer’s pool mechanics and pulled out more than $113 million, affecting several connected projects across Ethereum and Layer 2 networks.
One affected platform was Berachain’s exchange, BEX. It suffered losses above $12 million before managing to recover the stolen amount. That recovery added to the month’s freeze and recovery total of about $45 million.
The month also included a major hit on Upbit. The South Korean exchange lost nearly $37 million near the end of November, and analysts linked the attack to the North Korea-based Lazarus Group. This group has been tied to many high-profile crypto breaches over the past few years.
Other incidents added to the month’s damage. Beets lost more than $3.8 million, and Gana Payment lost above $3.1 million.
Code Flaws Drive Major Losses
CertiK’s November DeFi security report revealed a stark trend: DeFi platforms suffered the highest number of security incidents, racking up over $134 million in losses—dramatically surpassing centralized exchanges, which trailed at roughly $29 million.
The code flaws caused the largest share of attacks, accounting for more than $130 million in losses and remaining the most common reason for incidents throughout the month. Wallet breaches came next, and some of these events included stolen credentials and malware attacks, which added up to roughly $33 million.
Notably, phishing cases dropped compared to earlier months, and November recorded about $5.8 million lost to phishing, far lower than the $28 million seen in October. Other recorded issues included price manipulation and front-end tampering.
So far, CertiK has tracked 53 separate incidents across the month. The count showed a steady stream of new attacks, even as some areas saw slight improvements.
Yearn Targeted in $3M yETH Attack
The report also revealed another major event as Yearn Finance faced a serious exploit on its yETH product, where attackers used a method that allowed unlimited minting of tokens and drained the entire yETH pool in one move.
Blockchain data showed that attackers gained roughly 1,000 ETH, worth about $3 million, before moving the funds through Tornado Cash. The smart contracts involved in the exploit erased themselves after the attack, which made the event harder to track.
Notably, the yETH pool held around $11 million before the breach, and the full extent of the loss remains uncertain. Some users raised concerns about older contracts still active within the Yearn system. However, Yearn confirmed the incident and said its V2 and V3 Vaults stayed secure.
This was not the first time Yearn faced trouble. The platform suffered a hack in 2021 that drained its yDAI vault. That earlier event cost the platform $11 million and left users with losses of nearly $3 million.
Industry Response Still Struggles Against Fast Attacks
The DeFi hacks in November added pressure on exchanges, audit firms, and security teams, as even though analysts managed to freeze or recover $45 million, most responses came after funds had already moved, showing how fast attackers continue to act despite security measures.
This showed how fast attackers continue to act despite security measures.
In all, groups tied to North Korea appeared again in November’s investigations. They have improved their methods and now use more advanced tooling.
Reports from analytics platforms now show that such groups may be using AI to refine their attack strategies.
Despite improved security awareness and audit processes, the crypto sector remains vulnerable to sophisticated attacks, with code flaws, wallet breaches, and state-sponsored groups like Lazarus continuing to evolve their tactics and potentially leveraging AI to refine attack strategies.
Disclaimer: This article is intended solely for informational purposes and should not be construed as financial advice. Investing in cryptocurrencies involves substantial risk, including the possible loss of your capital. Readers are encouraged to perform their own research and seek guidance from a licensed financial advisor before making any investment decisions. Voice of Crypto does not endorse or promote any specific cryptocurrency, investment product, or trading strategy mentioned in this article.
