Analyzing BSC’s Security Milestones in 2023: AvengerDAO’s Insights



Blog post image.

2023 marked a transformative year for BNB Smart Chain (BSC), with a sharp focus on enhancing security measures. According to AvengerDAO’s Security Report, BSC experienced an 85% year-over-year reduction in financial losses via security breaches. 

AvengerDAO is a collaborative effort that includes Hashdit, Certik, and Ancilia. Apart from its in-depth look into the security incidents on BSC, the report also looked into the type of projects targeted, and the common attack techniques observed during this period.

Numbers at a Glance

  • 85% YoY decrease in total loss via security breaches.
  • Both hacks and scams have dropped significantly from 2022, with hacks accounting for $73.2m (91% decrease) and scams accounting for $87.9m (54% decrease) in 2023.
  • When removing the top 3 outlier incidents, the total financial loss drops to just $97m. 
  • In Q4 2023, total financial losses dropped by 64% from Q3 2023.

General Outlook

AvengerDAO closely monitored the funds lost on BSC in 2023. Interesting observations were made. First, there were 414 security incidents on BSC – a 44% YoY increase from 2022. However, the total funds lost was $161,176,631 – an 85% reduction YoY, breaking a 3-year uptrend. What’s  more remarkable is that when you remove the top 3 outlier incidents (Fintoch, IPP, and Stake), the total losses drop to just $97m.

BSC vs Other Chains

So, how does this compare to other chains?

While BSC has experienced a dramatic decrease in financial losses, the same can’t be said for the other chains.

  • Ethereum (in green) has shown an increasing trend since 2021. 
  • Tron (in purple), Fantom (in light blue) and Arbitrum (in yellow) have shown large increases from 2022.

The difference is even more stark when comparing Q4 performances.

Q4 saw a significant reduction in fiat losses compared to Q3. Fiat losses across chains dropped by 64% from $43.7m in Q3 to $15.6m in Q4.

In Q4, BSC saw 3.7% of the total fiat losses across all chains in Q4. It ranks fifth as compared to other chains – behind Bitcoin (4.5%), Arbitrum (5.3%), Tron (13.6%), and Ethereum (65%).

By observing the quarterly and monthly trends below, there are some interesting observations to be made.

AvengerDAO’s Month-over-Month (MoM) Observations

The report also had some interesting MoM observations.

The average monthly loss was ~$13.4m. Except for May and September, every single month had below average losses.

Regarding security incidents, the report observed that cases largely peaked from Q2 to early Q4, with August being the exception.

Here are a few more MoM observations:

  • October had the highest number of security incidents at 58. However, it was only the fifth worst month when you look at financial losses (~$11m).
  • May was the worst month by far, with over $53m in financial losses, even though the number of security incidents was <50.
  • September had almost the same number of security incidents (57) as October but more than double the financial losses at $27m.

Attack Vectors and Targets

Looking at the attack vectors, it almost split evenly between hack (50.72%) and scams (49.03%).

However, the total financial loss from scams ($87m) is more than that of hacks ($73m).

The following chart looks deeper into the specific attack vectors:

Here are some observations from the chart:

  • The biggest contributor to losses was Rugpulls (35.18%), with scammers adopting more complicated measures to obfuscate code and funds flow. 
  • The 2nd largest contributor was Ponzi within smart contracts deployed on BSC, accounting for 22.53%.
  • The 3rd largest contributor was Hot wallet compromises within notable platforms like CEXs and other Entities. The Square hot wallet compromise is an example of such an attack.

So, what were the types of projects affected by this attack?

  • DeFi projects suffered the most losses, accounting for 82.06%.
  • Gambling comes in at a distant second with 11.04%.
  • CEX projects round off the top 3 with 3.85%.

Conclusion

The Security Report of AvengerDAO for the year 2023 signifies a milestone for BNB Smart Chain, highlighting its strengthened security protocols and a noteworthy decrease in financial losses.Despite a rise in security incidents, BSC’s focused efforts led to an 85% year-over-year decrease in losses, outperforming other chains. This progress, particularly notable in Q4, demonstrates BSC’s commitment to addressing security challenges and maintaining its competitive edge in the blockchain ecosystem.

Read the AvengerDAO 2023 Security Report in full here.