Crypto platforms lost $127M to hacks, exploits, and scams in November

The biggest incident of the month was the Balancer liquidity protocol breach, responsible for over $113 million in losses. Attackers reportedly exploited flaws in the protocol’s pool mechanics, affecting multiple Ethereum-connected networks and Layer 2 platforms.

One impacted platform, Berachain’s BEX exchange, lost more than $12 million, but later announced it had recovered the stolen funds — contributing to the month’s recovered total.

South Korean exchange Upbit also suffered a major security event, losing nearly $37 million. Investigators believe the attack matches the patterns of North Korea’s Lazarus Group.

Other notable victims included Beets and Gana Payment, which lost over $3.8 million and $3.1 million respectively. Though smaller in scale, these cases highlighted both technical weaknesses and user-targeted threats throughout the ecosystem.

CertiK’s analysis shows familiar trends: DeFi platforms suffered the most damage, recording over $134 million in losses for November. This marks a shift from October, when cross-chain bridges were the most targeted category.

Exchanges were the second-most affected in November with more than $29 million lost. Bridges, meme token platforms and AI-based crypto projects followed with considerably smaller totals.

Phishing attacks also declined, dropping from $28 million in losses in October to around $5.8 million in November.

The leading cause of exploits was code vulnerabilities, responsible for more than $130 million in losses. Wallet compromises, including credential theft and malware, followed with an estimated $33 million lost. Other causes included front-end breaches and price-manipulation attacks.

CertiK recorded 53 individual incidents throughout the month.

The continued rise in large-scale exploits is increasing pressure on exchanges, auditors, regulators, and security firms to strengthen defenses. While blockchain analytics teams were able to freeze or recover $45 million in November, the industry’s response remains mostly reactive.

Rapid recovery often depends on how quickly exchanges can detect stolen funds, collaborate with law enforcement, and whether attackers move assets through traceable infrastructure.

Notably, North Korean-linked hackers remain active players. Reports from major AI labs such as Google Gemini and Anthropic Claude indicate that these groups may now be using AI tools to improve their attack methods.