Several decentralized finance (DeFi) protocols that run on Binance Smart Chain (BSC) have been the victims of major exploits in recent months as the sector sees substantial growth in 2021.
September 2021 has seen a surge in demand for Binance’s own smart contract blockchain platform, due to its low fees and high throughput. This has allowed Binance Smart Chain to appropriate a percentage of the DeFi market as platforms seek an alternative to Ethereum’s high gas fees.
While Ethereum still commands the lion’s share of the DeFi network’s transaction volume due to the number of major platforms that run on its blockchain, BSC is a lucrative alternative that has enjoyed real success, driven by its interoperability with the larger Binance ecosystem.
Given that Binance is the largest cryptocurrency exchange in the world, its ecosystem handles a large amount of cryptocurrency trading. Nascent DeFi platforms that run on BSC have attracted large user bases, but an unfortunate result has been the prevalence of nefarious individuals taking advantage of smart contract flaws.
As a result, millions of dollars have been laundered through these exploits. BurgerSwap saw a combined $7.2 million worth of different cryptocurrency tokens withdrawn from its liquidity pool in May. Attackers also made approximately $6 million in profit from a flash loan attack on Belt Finance in May. PancakeBunny saw various tokens worth $200 million stolen through another flash loan exploit in the same month.
Cream Finance, Bearn, Bogged Finance, Uranium Finance, Meerkat Finance, Safemoon and Spartan Protocol have also faced exploitation on BSC in recent months, highlighting the scale of attacks across the ecosystem.
The recent exploitation of some important BSC-based DeFi platforms has prompted Binance to directly address questions about the security of BSC in recent days. In addition, Binance moved to secure help from blockchain intelligence firm CipherTrace with the hope of improving the situation.
Cointelegraph also reached out to Binance for additional comment regarding the hack, but did not receive a response at the time of publication.
External and internal threats
The reality of the situation is that, judging by the increasing amount of total value locked into the platform, people are enjoying using Binance Smart Chain. Since it is a public blockchain, however, its decentralized, permissionless nature leaves the door open for exploitation.
BSC differs slightly from other public blockchains such as Ethereum as it employs a proof-of-stake consensus algorithm and relies on 21 main elected validators to maintain the network. This allows BSC to prevent individual validators from gaining significant control and potentially making transactions or changes to the blockchain.
In this sense, the blockchain itself is secure, and there is no risk of 51% attacks or exploits of the nature where most of the network is taken over and exploited. However, the platforms and smart contracts deployed on BSC can fall prey to what Binance describes as external threats.
External threats may include any kind of exploitation of technical or operational vulnerabilities of platforms and projects built or deployed on BSC. Meanwhile, internal threats would include rug pulls, exit scams and insider thefts or hacks.
As Binance highlighted in its recent blog post on the exploits of BSC-based DeFi platforms, auditing every DeFi project and decentralized application launched on BSC is a serious undertaking and virtually cannot be done for every single project that runs on-chain:
“Not every project on BSC is open-source, and even then, being open-source does not automatically mean secure. Then there is the security of smart contracts and no zero-defect code, and since each project is developed by an independent team, there is always the potential for defects.”
Binance also noted that it does not implement any “review process or centralized governance” to prevent malicious projects from launching on BSC. This is described as “not technically or logistically possible”, while the exchange notes that it would also be a form of censorship that would inevitably threaten the decentralization of its ecosystem.
Nevertheless, BSC works with a few third-party firms that verify and audit the various projects and tokens that run on its blockchain. This also has its limitations, as Binance pointed out: “These audits are not mandatory and they rarely cover new or emerging dApps. When looking for a genuine project, it is recommended to always avoid uncertified projects. Priority is given to projects with multiple audits from different companies.”
CipherTrace to the rescue
Binance has also used the services of CipherTrace in an effort to address the exploits of DeFi platforms that run on BSC. The support will aim to identify high-risk financial transactions on BSC and the over 600 decentralized applications running on the platform.
Cointelegraph reached out to CipherTrace to unpack the range of its analytics services for BSC and what they will include. CipherTrace CEO Dave Jevans said the company’s monitoring services will provide BSC with the same insights that other clients, projects and platforms receive:
“Our compliance monitoring tools provide functionality for financial institutions, cryptocurrency companies and law enforcement to identify crypto crimes and rug-pulling proceeds. Monitoring provides similar results for all chains, including BSC – identifying illegal sources of funds so as to prevent bad actors from minimizing their wrongful gains.”
CipherTrace has been widely involved in cryptocurrency and blockchain analytics, tracing cryptocurrencies that have been stolen from exchanges, as well as transactions from dark web marketplaces. Jevans offered some insight into why BSC has been the biggest target of DeFi exploits in 2021. He believes that due to the high fees on Ethereum, “BSC makes an attractive option.” However, he added: “The more dApps that are built on BSC, the more exploits we will see.”
Jevans also said that the proliferation of exploits targeting BSC-based DeFi platforms is a direct result of BSC’s innovation and the number of non-audited smart contracts deployed by projects:
“Bad actors flock to new projects that haven’t done enough smart contract audits. Especially in the current environment, hackers are scrutinizing every single DeFi protocol to find out what exploits they can exploit.”
Interestingly, Jevans also noted a difference in performing blockchain analysis on Binance Smart Chain compared to other blockchains such as Ethereum and Bitcoin: “Ethereum and BSC are account-based blockchains, making it more difficult to track the flow of Ether or BSC.” Bitcoin and Zcash, in contrast, are UTXO-based, like serial-numbered dollars, so tracking of actual bitcoins or Zcash is possible.
While Binance Smart Chain continues on its growth path, all while dismissing claims of serious network centralization, as things stand, BSC may not have the necessary resources or tools to fully secure the DeFi platforms running on it against exploitation. However, the platform is at least taking meaningful steps to help address the issue.
Thanks to its tracing and analytics tools, CipherTrace could become a vital force in the Binance ecosystem, and it could give users some peace of mind when using BSC-based DeFi platforms. If more exploits occur, the analytics firm is at least believed to be able to trace the stolen funds and identify illegal transfers from platforms that run on BSC.
From here, BSC can move on to finding a potential cure for the disease itself rather than addressing its outcome.