Table of Contents
In the dynamic and rapidly evolving blockchain world, it’s essential to continually adapt and fortify defenses against security threats. This proactive approach is evident in the BNB Chain community’s concerted efforts to mitigate and prevent security breaches.
Through implementing various programs, including Dappbay and Avenger DAO, the community has taken robust measures to strengthen its security infrastructure. These initiatives have played a crucial role in reducing the frequency of security incidents over recent months. Let’s delve deeper into these strategies and explore how they’ve effectively bolstered the resilience of the BNB Chain.
Addressing Security Concerns
BNB Chain is committed to enhancing the security of its ecosystem and has implemented robust user protection measures.
DappBay has listed over 1,158 dApps in under a year, with the Red Alarm feature helping users identify over 445 risky dApps and projects on BNB Chain. Each dApp in the Red Alarm list includes a security description and risk rating, with the same information published on BNB Chain’s blog.
The Risk Scanner feature enables users to scan and verify the safety of any BNB Smart Chain (BSC) smart contract. Users can scan and receive a risk rating for any smart contract or verify its authenticity before interacting. AvengerDAO powers the risk scanner. We welcome security providers to get in contact about AvengerDAO here.
For example, – BNB Chain security team also managed to identify a rugpull before it happened — 1 example is YieldRobot. Our internal team identified it on 9 December 2022 and flagged it as High risk in our risk scanner. The project rugpulled on 17 January 2023.
We could have rescued $2.1m, 25% of the funds lost on BNB Chain in Q1 2023.
BNB Chain community-run initiative, AvengerDAO’s meter API has scanned over 1 million unique contract addresses, identifying 35,000 as high risk. Users were notified not to engage with these contracts.
AvengerDao has successfully identified numerous security issues; however, there have been instances where opportunities to safeguard the project were missed due to our inability to reach out promptly. Consequently, we are eager to collaborate more effectively with blockchain projects and developers universally.
To facilitate quicker and more efficient communication, we encourage these entities to provide their contact details here. If we detect any security issues, we can notify them immediately.
Improvements in BNB Chain
The data comparison between the two most recent six-month periods on the BNB Chain illustrates notable improvements. The following statistics demonstrate this:
When comparing the value of hacks between the latest six-month period (January to June 2023) and the previous period (June to December 2022), there’s a substantial decline in losses. In the latter half of 2022, losses amounted to +$713M, inflated due to the outlier BNB Chain Bridge Hack. However, in the first half of 2023, this figure dropped significantly to +$34M, indicating improvements in security measures.
On the other hand, comparing scams during these two periods indicates that further progress is necessary. While there was a decrease in the loss from over +$117M in the latter half of 2022 to +$66M in the first half of 2023, the figures show there is still room for significant improvement. The raw data details can be viewed on GitHub here.
These trends underscore the ongoing positive developments within the BNB Chain ecosystem, though they also highlight the areas where more work is required to enhance the network’s security and integrity.
Furthermore, our core team explored this data to provide a richer and more well-rounded perspective of the impacted projects and TVL on BNB Chain. Not only does this deeper analysis aim to address any misconceptions associated with these BNB Chain breaches, it also intends to provide a more comprehensive insight into the situation.
The latest AvDAO progress
a. Web3 Risk Framework on the following aspects:
- Business Continuity
- Crypto Wallet
- Decentralized Finance
- Smart Contract
- Project Management
b. RedAlarm: Over 40-50 addresses are flagged in RedAlarm every week.
c. Weekly incident risk report. link
d. Community supported by top security partners
e. Risk Scanner
In H1 2023, only around 181 out of an estimated 2,000 active projects in the ecosystem were impacted, which accounts for 9 percent of the total projects.
In the first half of 2023, an analysis of the BNB Chain ecosystem reveals that about 181 projects out of approximately 2,000 active ones were adversely impacted. This figure represents a mere 9 percent of the overall project count, an insight that hints at the overall robustness and resilience of the ecosystem.
There were about 116 instances of hacks on the BNB Chain that impacted these 181 projects in H1, 2023.
Digging deeper into the specifics of these incidents, the breakdown is as follows: a majority of the projects were impacted due to incidents related to hacking attempts, a stark reminder of the ongoing security challenges in the web3 space. The remainder of the reported incidents resulted from ‘rug pulls,’ a scam in which developers abandon a project and run away with investors’ funds, thereby yanking the ‘rug’ out from under their feet.
Lastly, amongst the 181 incidents, a single event resulted from a white hat hack. In this context, a white hat hacker is a cybersecurity professional who uses their skills to find and fix potential vulnerabilities, typically to enhance system security.
Thus, the first half of 2023 brought various challenges to the BNB Chain ecosystem. Nevertheless, it’s important to note that the vast % of projects—91%—were unaffected by these issues, a testament to the strength and resilience inherent in this dynamic space.
Note: Our internal tracking estimates 2,000 historically active projects on BNB Chain in H1 2023. It’s important to note that there is often a long tail of unknown projects on most Chains, which may not be captured on public sources like DappRadar or even within internal tracking. They may not all be reflected on DappBay if they are dormant or replaced/relaunched. Therefore, we can quote around 2,000 active projects on the BNB Chain in H1, 2023.
$101M was impacted, which is less than 2% of the total TVL of $ 5-6 B on BNB Chain in H1 2023
During the first half of 2023, the total fiat value impacted due to the incidents was $100 million. Less than 2 percent of the overall TVL was influenced, indicating that most of the ecosystem’s assets remained secure and unaffected.
The average TVL for the BNB Chain during this period was estimated to be between $5 billion and $6 billion. This figure is a testament to the immense blockchain activity and liquidity within the BNB Chain ecosystem. Despite the notable absolute value of the impacted TVL, thus suggesting a considerable level of resilience within the system.
BNB Chain accounts for 0.9% vulnerabilities of the entire ecosystem based on the TVL in Q1 2023
The BNB Chain, despite its significant economic activity, exhibited remarkable security during Q1 of 2023. According to data based on Total Value Locked (TVL) (from Defilama and ImmuneFi report), BNB Chain was responsible for only 0.9% of the entire ecosystem’s vulnerabilities.
Vulnerabilities’ impact as % of TVL
| CHAIN | TVL | ESTIMATED $ IMPACT ACC TO IMMUNEFI | % OF TVL |
|---|---|---|---|
| Ethereum | 51,820,000,000 | 248,432,360 | 0.48% |
| BNB Chain | 5,490,000,000 | 30,948,216 | 0.56% |
| Polygon | 1,270,000,000 | 121,230,000 | 9.55% |
| Arbitrum | 2,370,000,000 | 9,705,690 | 0.41% |
| Optimism | 1,090,000,000 | 7,680,000 | 0.70% |
| Avalanche | 1,060,000,000 | 8,500,000 | 0.80% |
Source: Defilama for TVL, ImmuneFi Report for $ Impact
The table above shows the Total Value Locked (TVL) of six different blockchain networks, the estimated dollar impact from Vulnerabilities, according to Immunefi, and the percentage of TVL represented by that impact.
Ethereum has a Total Value Locked (TVL) of $51.8 billion, with 0.48% ($248.4 million estimated by Immunefi) of its TVL being impacted by vulnerabilities. In contrast, BNB Chain experienced a 0.56% vulnerability impact on its TVL, while Polygon had a much higher vulnerability impact of 9.55% on its TVL.
