This past November, on-chain security was completely breached.
The attackers were ruthless this time: total losses soared to $172 million, nearly a 10-fold increase over the previous month. More importantly, hackers have moved away from the old phishing tricks and started going after the harder target, smart contracts themselves. Data shows that in the DeFi sector alone, $127 million evaporated due to code vulnerabilities.
**How do the losses break down?**
Code vulnerabilities are the new leader, accounting for $139 million and displacing phishing from the top spot. Wallet breaches contributed $33 million, while traditional phishing shrank to $5.8 million. It seems scammers are also "leveling up."
**Who was hit hardest?**
Balancer suffered the worst this time, losing $113 million. Fortunately, StakeWise managed to recover $20.7 million from the hacker and is arranging proportional refunds.
The list of other victims is also grim. Upbit lost 29.8 million and Bex was drained of 12.4 million. The Yearn Finance case was even more outrageous: the hacker cashed out by minting "unlimited yETH," taking away 9.1 million dollars. Projects like Beets, Gana Payment, and Moonwell also fell victim.
**Where did all the money go?**
Intelligence indicates that a hacker organization with ties to a certain East Asian country took a large sum. These individuals are highly skilled; after the attack, they moved the stolen funds straight into mixers like Tornado Cash for obfuscation, making tracking extremely difficult.
November's painful lesson proves once again: code is the lifeblood, and audits must not be done carelessly.