November scores exploiters $290m over 5 major crypto hacks
Attacks on Poloniex, HTX, Heco bridge, KyberSwap, and Kronos Research earned hackers $290 million, with a week to go until November 2023 closes.
As of Nov. 23, crypto hackers reportedly stole a combined $290 million from five major heists where at least $10 million was illegally ferried from each protocol. The platforms affected included three Justin Sun-related entities: HTX, Heco Bridge, and Poloniex, according to Lookonchain.
Exploits on HTX and Heco occurred on Nov. 22, the second most recent attack at press time. Hackers siphoned over $13 million and $86 million, according to an alert from Cyvers, a blockchain monitoring service.
HTX crypto exchange, rebranded from Huobi, previously lost some 5,000 Ether (ETH) worth $8 million at the time of the hack.
Poloniex, another crypto venture tied to Sun, was also compromised. The bad actors made off with more than $100 million in cryptocurrencies. Sun offered a five percent bounty worth $10 million and issued an ultimatum for hackers to return the funds.
Before Heco’s hack, Poloniex was the single largest crypto exploit recorded in November 2023, accounting for most of the stolen funds.
Hackers also hijacked the multichain decentralized exchange KyberSwap, stealing an estimated $46 million. The exploiter responsible notified KyberSwap’s team and community of their intent to negotiate after getting some sleep.
Finally, Kronos, a crypto trading and research firm, lost $25 million in ETH after unknown individuals secured access to API keys and breached security. The Taiwan-based firm said investigations were underway, and client funds faced minimal risk exposure.
Hackvember 2023 saw a sleuth of attacks on crypto projects ranging from protocol hacks to phishing campaigns. In addition to $27 million drained from a crypto wallet in a one-time hack, the X account of the Ethereum layer-2 network Loopring was infiltrated by phishing scammers.
The incident lasted nearly all day on Nov. 20 before Loopring’s team stemmed malicious links promoting a fake LRC token airdrop.