An Overview of BNB Chain’s Security Programs

2023.7.14

In the dynamic and rapidly evolving world of blockchain, it's essential to continually adapt and fortify defenses against security threats. This proactive approach is evident in the BNB Chain community's concerted efforts to mitigate and prevent security breaches.

Through the implementation of various programs, including Dappbay and Avenger DAO, the community has taken robust measures to strengthen its security infrastructure. These initiatives have played a crucial role in reducing the frequency of security incidents over recent months. Let's delve deeper into these strategies and explore how they've effectively bolstered the resilience of the BNB Chain.

Addressing Security Concerns

BNB Chain is committed to enhancing the security of its ecosystem and has implemented robust user protection measures.

DappBay has listed over 1,158 dApps in under a year, with the Red Alarm feature helping users identify over 445 risky dApps and projects on BNB Chain. Each dApp in the Red Alarm list includes a security description and risk rating, with the same information published on BNB Chain's blog.

The Risk Scanner feature enables users to scan and verify the safety of any BNB Smart Chain (BSC) smart contract. Users can scan and receive a risk rating for any smart contract or verify its authenticity before interacting with it. The risk scanner is powered by AvengerDAO. We welcome security providers to get in contact about AvengerDAO here.

For example, the BNB Chain security team managed to identify a rugpull before it happened: YieldRobot. It was identified on 9 December 2022 by our internal team and flagged as High risk in our risk scanner. The project rugpulled on 17 January 2023.

We could have rescued $2.1m, which is 25% of the funds lost on BNB Chain in Q1 2023.

The meter API of AvengerDAO, a BNB Chain community-run initiative, has scanned over 1 million unique contract addresses, identifying 35,000 as high risk. Users were notified not to engage with these contracts.

AvengerDAO has successfully identified numerous security issues; however, there have been instances where opportunities to safeguard the project were missed due to our inability to reach out promptly. Consequently, we are eager to collaborate more effectively with blockchain projects and developers universally.

To facilitate quicker and more efficient communication, we encourage these entities to provide their contact details here. This way, in the event we detect any security issues, we will be able to notify them at the earliest opportunity.

Improvements on BNB Chain

The data comparison between the two most recent six-month periods on the BNB Chain illustrates notable improvements. This is clearly demonstrated by the following statistics:

When comparing the value of hacks between the latest six-month period (January to June 2023) and the previous period (June to December 2022), there's a substantial decline in losses. In the latter half of 2022, losses amounted to +$713M, inflated due to the outlier BNB Chain Bridge Hack. However, in the first half of 2023, this figure dropped significantly to +$34M, indicating improvements in security measures.

On the other hand, the comparison between scams during these two periods indicates that further progress is necessary. While there was a decrease in the loss from over +$117M in the latter half of 2022 to +$66M in the first half of 2023, the figures show there is still room for significant improvement. The raw data details can be viewed on GitHub here.

These trends underscore the ongoing positive developments within the BNB Chain ecosystem, though they also highlight the areas where more work is required to enhance the network's security and integrity.

Furthermore, in an effort to provide a richer and more well-rounded perspective of the impacted projects and TVL on BNB Chain, our core team did an exhaustive exploration of this data. Not only does this deeper analysis aim to address any misconceptions associated with these BNB Chain breaches, it also intends to provide a more comprehensive insight into the situation.

The latest AvDAO progress

a. Web3 Risk Framework on the following aspects:

  • Business Continuity
  • Crypto Wallet
  • Decentralized Finance
  • Smart Contract
  • Project Management

b. RedAlarm: Over 40-50 addresses flagged in RedAlarm on a weekly basis.

c. Weekly incident risk report

d. Community supported by top security partners

e. Risk Scanner

In H1 2023, only around 181 out of an estimated 2,000 active projects in the ecosystem were impacted, which accounts for 9 percent of the total projects.

In the first half of 2023, an analysis of the BNB Chain ecosystem reveals that about 181 projects out of an approximate total of 2,000 active were adversely impacted. This figure represents a mere 9 percent of the overall project count, an insight which hints at the overall robustness and resilience of the ecosystem.

There were about 116 instances of hacks on the BNB Chain that impacted these 181 projects in H1, 2023.

Digging deeper into the specifics of these incidents, the breakdown is as follows: a majority of the projects were impacted due to incidents related to hacking attempts, a stark reminder of the ongoing security challenges in the web3 space. The remainder of the reported incidents were the result of 'rug pulls,' a term referring to a type of scam where developers abandon a project and run away with investors' funds, thereby yanking the 'rug' out from under their feet.

Lastly, amongst the 181 incidents, there was a single event which was the result of a white hat hack. In this context, a white hat hacker is a cybersecurity professional who uses their skills to find and fix potential vulnerabilities, typically with the goal of enhancing system security.

Thus, the first half of 2023 brought a variety of challenges to the BNB Chain ecosystem. Nevertheless, it's important to note that the vast majority of projects—91%—were not affected by these issues, a testament to the strength and resilience inherent in this dynamic space.

Note: In our internal tracking, we estimate a total of 2,000 projects that were historically active on BNB Chain in H1 2023. It's important to note that there is often a long tail of unknown projects on most chains, which may not be captured on public sources like DappRadar or even within internal tracking. They also may not all be reflected on DappBay if they are now dormant or replaced/relaunched. Therefore, we can quote around 2,000 active projects on the BNB Chain in H1, 2023 for this purpose.

$101M was impacted, which is less than 2% of total TVL of $5-6B on BNB Chain in H1 2023

During the first half of 2023, the total fiat value impacted due to the incidents was $100 million. This means less than 2 percent of the overall TVL was influenced, indicating that the vast majority of the ecosystem's assets remained secure and unaffected.

To put this into context, the average TVL for the BNB Chain during this period was estimated to be somewhere between $5 billion and $6 billion. This figure serves as a testament to the immense blockchain activity and liquidity within the BNB Chain ecosystem. Despite the notable absolute value of the impacted TVL, it represented less than 2 percent of the total, suggesting a considerable level of resilience within the system.

BNB Chain accounts for 0.9% of the vulnerabilities of the entire ecosystem based on the TVL in Q1 2023

The BNB Chain, despite its significant economic activity, exhibited remarkable security during Q1 of 2023. According to data based on Total Value Locked (TVL) (from DefiLlama and the Immunefi report), BNB Chain was responsible for only 0.9% of the entire ecosystem's vulnerabilities.

Vulnerabilities' impact as % of TVL

| Chain | TVL ($) | Estimated $ impact (per Immunefi) | % of TVL |
|---|---|---|---|
| Ethereum | 51,820,000,000 | 248,432,360 | 0.48% |
| BNB Chain | 5,490,000,000 | 30,948,216 | 0.56% |
| Polygon | 1,270,000,000 | 121,230,000 | 9.55% |
| Arbitrum | 2,370,000,000 | 9,705,690 | 0.41% |
| Optimism | 1,090,000,000 | 7,680,000 | 0.70% |
| Avalanche | 1,060,000,000 | 8,500,000 | 0.80% |

Source: DefiLlama for TVL, Immunefi report for $ impact

The table above shows the Total Value Locked (TVL) of six different blockchain networks, as well as the estimated dollar impact from Vulnerabilities, according to Immunefi and the percentage of TVL represented by that impact.

Ethereum has a Total Value Locked (TVL) of $51.8 billion, with 0.48% ($248.4 million estimated by Immunefi) of its TVL being impacted by vulnerabilities. In contrast, BNB Chain experienced a 0.56% vulnerability impact on its TVL, while Polygon had a much higher vulnerability impact of 9.55% on its TVL.
