Growing pains? DeFi exploits plunder BSC, which calls for reinforcements

Published at: June 5, 2021

Several decentralized finance (DeFi) protocols running on Binance Smart Chain (BSC) have fallen victim to major exploits in recent months as the sector continues to see substantial growth in 2021.

Binance’s very own smart contract blockchain platform has seen a surge in demand since its launch in September 2021, due to its low fees and high throughput. This has allowed the Binance Smart Chain to appropriate a percentage of the DeFi market as platforms looked for an alternative to Ethereum’s high gas fees.

While Ethereum still commands the lion’s share of the DeFi network’s transaction volume due to the number of major platforms running on its blockchain, BSC is an attractive alternative that has enjoyed real success, spurred on by its interoperability with the larger Binance ecosystem.

Given that Binance is the largest cryptocurrency exchange by volume in the world, its ecosystem drives a significant amount of cryptocurrency transactions and trading. Nascent DeFi platforms running on BSC have attracted large user bases, but an unfortunate consequence has been the prevalence of nefarious individuals exploiting smart contract flaws.

These exploits have drained millions of dollars. BurgerSwap saw a combined $7.2 million worth of various cryptocurrency tokens drained from its liquidity pools in May. In the same month, attackers netted around $6 million in profit through a flash loan attack on Belt Finance, and PancakeBunny saw $200 million worth of various tokens stolen through another flash loan exploit.

Cream Finance, bEarn, Bogged Finance, Uranium Finance, Meerkat Finance, SafeMoon and Spartan Protocol have also suffered exploits on BSC in recent months, highlighting the scale of attacks across the ecosystem.

The recent spate of exploits of some significant BSC-based DeFi platforms has prompted Binance to directly address questions regarding the security of BSC. Moreover, Binance moved to secure help from blockchain intelligence firm CipherTrace in hopes of rectifying the situation.

Cointelegraph also reached out to Binance for additional comment regarding the hacks but did not receive a reply at the time of publishing.

External and internal threats

The reality of the situation is that judging by the rising amount of total value locked in the platforms, it seems that people enjoy using Binance Smart Chain. Since it’s a public blockchain, however, the decentralized, permissionless nature leaves the door open for exploits.

BSC differs slightly from other public blockchains like Ethereum in that it employs a proof-of-stake consensus algorithm and relies on 21 main elected validators to maintain the network. This also allows BSC to prevent individual validators from gaining significant control and potentially making changes to transactions or the blockchain.

In this sense, the blockchain itself is secure, and there is no risk of a 51% attack or exploits of that nature, where most of the network gets taken over and exploited. However, platforms and smart contracts deployed on BSC can fall prey to what Binance describes as external threats.

An external threat could include any type of exploit of technical or operational vulnerabilities of platforms and projects built or deployed on BSC. Meanwhile, internal threats would include rug pulls, exit scams and insider theft or hacks.

As Binance highlighted in its recent blog post addressing exploits of BSC-based DeFi platforms, auditing every DeFi project and decentralized application that is launched on BSC is a serious undertaking and realistically cannot be carried out for every single project running on the chain:

“Not every project on BSC is open-source, and even then, being open-source doesn’t automatically mean secure. Then there’s the security of smart contracts and no zero-defect codes, and as each project is developed by an independent team, there’s always a chance of defects.”

Binance also noted that it does not enforce any “reviewal process or centralized governance” to prevent malicious projects from launching on BSC. This is described as “not technically or logistically possible,” while the exchange notes that it would also constitute a form of censorship that would essentially threaten the decentralization of its ecosystem.

Nevertheless, BSC does work with a couple of third-party firms that carry out verification and audits of various projects and tokens running on its blockchain. This does have its limitations as well, as Binance highlighted: “These audits are not mandatory and they rarely cover new or emerging DApps. When looking for a genuine project, it’s recommended to avoid uncertified projects and always prefer projects with multiple audits from different companies.”

CipherTrace to the rescue

In an effort to address the uptick of exploits of DeFi platforms running on BSC, Binance has also tapped into the services of CipherTrace. The support will aim to identify higher-risk financial transactions on BSC and more than 600 decentralized applications running on the platform.

Cointelegraph reached out to CipherTrace to unpack the extent of its analytics services to BSC and what this will entail. CipherTrace CEO Dave Jevans stated that the company’s monitoring services would offer BSC similar insights to those provided to other clients, projects and platforms:

“Our compliance monitoring tools provide functionality to identify proceeds of crypto crimes and rug pulls for financial institutions, cryptocurrency companies and law enforcement. Monitoring for all chains, including BSC, provides similar outcomes — identifying illicit sources of funds to prevent bad actors from offramping their ill-gotten gains.”

CipherTrace has been extensively involved in cryptocurrency and blockchain analytics, having traced cryptocurrency that has been stolen from exchanges, as well as transactions from dark web marketplaces. Jevans expressed some insights as to why BSC has been the biggest target of DeFi exploits in 2021. He believes that due to the high fees on Ethereum, “BSC makes for an attractive alternative.” However, he added: “The more DApps that are built on BSC, the more exploits we will see take place.”

Jevans also added that the prevalence of exploits targeting BSC-based DeFi platforms is a direct result of the novelty of BSC and the number of unaudited smart contracts deployed by the projects:

“Bad actors flock to new projects that haven’t performed adequate smart contract audits. Especially in the current climate, hackers are examining every single DeFi protocol to see what exploits they can find.”

Interestingly, Jevans also noted a difference in carrying out blockchain analytics on Binance Smart Chain in comparison to other blockchains, like Ethereum and Bitcoin: “Ethereum and BSC are account-based blockchains, making it more difficult to track the flow of Ether or BSC-based tokens. In contrast, Bitcoin and Zcash are UTXO-based, enabling the tracking of actual Bitcoins or Zcash like is possible with dollars that have serial numbers.”

Step by step?

While the Binance Smart Chain continues on its growth path — all while fending off claims of severe network centralization — as things stand, it may not have the necessary resources or tools to completely safeguard DeFi platforms from suffering exploits while running on BSC. However, the platform is at least taking meaningful steps in helping address the issue.

CipherTrace could become an important cog in the Binance ecosystem thanks to its tracing and analytics tools, and this may well give users some peace of mind when using BSC-based DeFi platforms. Should more exploits occur, at the very least, the analytics firm will supposedly be on hand to trace stolen funds and identify illicit transfers to and from platforms running on BSC.

From here on out, BSC can move on to finding a possible cure for the root of the illness instead of addressing the aftermath.
