All Articles
All Articles

Almost $4 billion lost in November: DeFi Rekt Stories

Table of Contents

Just when we thought we were finally done with October, which was another month with over a billion dollars in losses, November came with even more surprises.

This was made apparent with the FTX collapse and more recently with the Genesis cryptocurrency trading platform, which has almost $3 billion in outstanding loans. As a consequence, losses incurred in November 2022 were considerably higher than in October.

Compared to the previous year, where November saw nearly $100 million worth of losses, like the last month, we have observed a massive increase in funds lost, from $100 million to nearly $4 billion.

In total, with the number of high profile losses such as Terra Luna and FTX, the total losses this year have amounted to $47b, compared to ‘just’ $8b in 2021.

However, this was driven by two major cases as a result of the failures of centralized entities, rather than native DeFi applications. With that said, let’s take a brief look at the top 5 cases this month.

Note: Looking for all-time data on crypto exploits? Check out our industry-leading REKT database for crypto hack & scam info.

1. Genesis — $2.8b Lost (CeFi, November 21)

Genesis, a cryptocurrency platform for derivatives, trading, and lending, has approximately $2.8 billion in outstanding loans on its balance sheet. Also, the company has not yet filed for bankruptcy. On November 10, the firm revealed that it had around $175 million worth of funds locked within an FTX trading account.

Then, on November 16, Genesis halted withdrawals on its platform because of what it called “unprecedented market turmoil” following the FTX collapse. Afterwards, on November 22, a spokesperson for the platform stated that they were looking to address the issue without declaring bankruptcy.

2. FTX Group — $1b Lost (CeFi, November 11)

Sam Bankman-Fried stated that both of his companies, the FTX cryptocurrency exchange and the Alameda Research trading firm, have filed for bankruptcy. Not only that, but over 130 other affiliated firms are bankrupt as well. The total funds lost are worth around 1 to 2 billion dollars.

The incident began with some research that showed that the collateral of Alameda Research was largely filled with FTX’s native token, FTT. To elaborate more on the nature of its collateral, Alameda’s assets were worth around $14,600,000,000 in total, of which $3,660,000,000 were free FTT tokens and $2,160,000,000 were “FTT collateral.” Furthermore, there were large amounts of SOL and SRM tokens as well, since Mr. Bankman-Fried was one of the early investors in the Solana chain and he was also the co-founder of the Serum Exchange.

The research that initially hinted at insolvency then ignited a panic-filled bank run on FTX, where users immediately started withdrawing millions of dollars’ worth of funds from the exchange.

As a result, the FTT token’s value fell by over 95% within 24 hours. Even SOL was affected by this unfortunate incident and also by the recent activity that took place on-chain, where $49,000,000 worth of SOL was withdrawn from the staking pool. This led to the inevitable drop of approximately 60% in its price.

Following that, the FTX Exchange then stopped its withdrawals and filed for bankruptcy. Since FTX used to be a major player within the cryptocurrency sector, other similar projects that were reliant on the exchange started reporting significant losses one at a time.

The event sparked a series of exchanges seeking to reassure customers by releasing their ‘Proof of Reserves’. It is important to note in this case that many of these proofs of reserves fail to also account for the size of liabilities that the exchange holds to its clients.

Furthermore, it should also be noted that a bank run should in theory not be possible if an exchange holds client assets on a 1-to-1 basis.

3. Deribit Exchange — $28.3m Lost (Access Control, November 1)

The Deribit Exchange was exploited through access control. The private keys of the hot wallet were compromised, which then led to a loss worth around $28,000,000.

The exchange serves as a platform for cryptocurrency derivatives. The private keys of the initiative’s hot wallet were compromised on both the Bitcoin and Ethereum chains. The total loss of funds amounted to 691 BTC and 9,111 ETH, all of which are worth more than $28 million at this moment. The cold addresses and client assets weren’t affected, and fortunately, on its official Twitter account, the firm stated that the lost funds will be paid.

Block Data Reference

Attacker addresses:

Transfer transactions:

4. Pando — $18.5m Lost (Access Control, November 5)

Based on MTG technology, Pando is a decentralized network that was recently compromised.

This allowed the hacker to grab 11,107,488 worth of stablecoins and 5128 ETH from the Ethereum chain, while from the Bitcoin chain, he managed to steal 83.5 BTC. It looks like the hacker exploited the wallets’ private keys, since the stolen transactions were simply direct transfers. At the moment, the stolen funds are located at the original addresses of the attacker.

Block Data Reference

Attacker addresses:

5. DFX Finance — $7.65m Lost (Flash Loan, November 10)

DFX Finance, a trading protocol, was exploited because of a flash loan vulnerability. The attacker drained $4,445,279 worth of various tokens and sent 2692 ETH via Tornado Cash.

$545,312 worth of CADC remains at the hacker’s address, while $135,265 worth of TRYb remains at the contract that was utilized for the attack. The malicious attacker took advantage of an existing smart contract flaw that permits the passing of the balance check following a flash loan and grants permission for tokens to an actor.

During the token transfers, the MEV bot was able to frontrun the attacker for an extra $3,200,000 worth in USDC, CADC, GYEN, and NZDS tokens. Following that, the team behind DFX has started what it calls a “multi-phase recovery plan.” The initiative has already offered 2,000,000 DFX tokens that, at the moment, are valued at $204,800 to help the liquidity pools that were affected as a result.

Block Data Reference

Attacker address:

Malicious contract:

MEV bot:

Malicious transactions list:

CeFi vs DeFi Narrative

As can be seen from the scale of the losses in November, a large majority of losses were in interconnected centralized finance platforms. This amounted to over $3.8b lost, as opposed to $54m on Ethereum and $12.5m on BNB Chain.

The biggest type of exploit in November was, naturally, the exit scam, with FTX being the prime suspect, and contagion effects still playing out.

One can think of the FTX saga being an ‘exit scam’ in the sense that client funds were siphoned from the platform to prop up a failing hedge fund, Alameda Research. As a consequence, FTX lacked the required reserves for clients to withdraw their funds in full. The recovery of these funds by clients was then further delayed by the voluntary Chapter 11 filing by FTX, suspension of all withdrawals and a ‘hack’ that drained the remaining assets held by FTX.

The runner-up is the access control exploit, with $47m lost. Worryingly, this suggests that industry actors are still having trouble keeping their private keys safe from attacks.

  • Funds Recovered

If we exclude the black swan events in CeFi, however, we are actually seeing lower losses year on year in November 2022, as compared to the same period in 2021, at $71.5m vs $94.7m in 2021.

What’s more, whereas no funds lost were actually recovered in November 2021, about $200,000 was recovered this November, continuing the trend of recoveries becoming more likely over time.

  • Types of Exploit

In terms of sheer frequency, rug pulls remain the most common type of exploit — while they tend to be much smaller in value lost per attack, they are also the lowest hanging fruit for DeFi projects to make a cash grab. A total of 9 rug pulls happened this month — or a rug pull every 3 to 4 days on average!

  • Attack Vectors

In terms of attack vectors, tokens remain the most common type of target, underscoring the importance of doing your own due diligence when aping into the latest small-cap DeFi token.

DEXes also proved to be a popular target this month — which is unsurprising, given the large amount of liquidity usually locked on these protocols. That being said, the magnitude of these aforementioned attacks paled in comparison to the CeFi catastrophes of the past couple of weeks.

  • Funds Lost by Chain

Similarly to previous month, BNB Chain unfortunately continues to be a rugpull hotspot, with the highest frequency of funds being lost in November 2022 at 12 cases. This is trailed in second place by Ethereum at 5 cases, and then by Centralized exchanges, at 2 cases.


As unfortunate as it is, the DeFi space has never been more risky. Because of this, we have to make it our responsibility to keep stepping up our game when it comes to investing within the DeFi sector and staying alert to any potential threats. Hence, education is vital, which is something that we at De.Fi have you covered on. Get started with our web3 wallet tracker today and check out our resources for staying on top of the industry to protect your crypto bull run gains!

Check our other resources to stay safe and explore DeFi:

What is TVL (Total Value Locked) in DeFi?
Upcoming Crypto Airdrops for 2023
Smart Contract Audit Services
Free Smart Contract Audit
Revoke Crypto Wallet Permissions Tool
Best DeFi Yield Farming APYs

📱 Telegram | 🐦Twitter

Good luck in farming!

More from De.Fi Security

© De.Fi. All rights reserved.