Recently there have been multiple instances of scams and extensive attacks within the BSC ecosystem. Due to the decentralized, permissionless nature of the BSC blockchain, this is an issue that can’t be resolved easily. There are several major challenges in BSC now:
This is a very challenging issue, as for any blockchain to succeed, it has to be secure. With Binance Smart Chain, security must be the top priority. The security first principle is ingrained in everything we do, and in this article, we’ll introduce you to the basic threats and answer your burning questions about BSC’s security.
The threats you might be facing on BSC are no different from the majority of crypto-related threats. In some sense, BSC might remind some of the 2017 ETH craze where hundreds of projects with millions of users flooded the blockchain and became a target of hackers and scammers.
The community faced basic social scams, hacking, personal data theft, and many fake projects and Ponzi schemes. Since then, attackers have gained years of experience, but otherwise not much has changed in the way they operate.
The question of whether BSC, or any other blockchain for that matter, is safe can be answered in different ways. One element is the security of the code, the nodes, and the blockchain itself; the second element is the security of the ecosystem. The BSC ecosystem consists of multiple parts and participants, each of which comes with a different set of threats. There’s the code and the algorithm, validators and their hardware, projects building on BSC, and also the individuals using it.
The decentralized BSC blockchain runs on open-source code that is accessible to third parties and the public for auditing. With open-source code, anyone with the required technical knowledge can review the code line by line and assess possible weaknesses and threats. The PoSA algorithm, built around 21 elected validators, prevents individual validators from gaining too much control over the network and going rogue.
The BSC network and the algorithm it operates on are indeed very safe. BSC’s track record, clean of incidents or hacks, shows that there are no known vulnerabilities or attack vectors that could be abused on the blockchain itself. Security teams and projects incentivized by the bounty program rigorously test every element of BSC’s security on a regular basis, ensuring that even the slightest issues get resolved immediately.
While we can verify and audit almost everything in the BSC network and code, individual projects are a bit more difficult. Not every project on BSC is open-source, and even then, being open-source doesn’t automatically mean secure. Then there’s the security of smart contracts: there is no such thing as zero-defect code, and as each project is developed by an independent team, there’s always a chance of defects.
Due to the decentralized nature of BSC, basically anyone can build on the network and attempt to list a token on one of the many decentralized exchanges. There’s no review process or centralized governance that would prevent malicious projects from launching on BSC, as such censorship would damage decentralization, and it’s not technically or logistically possible.
There are multiple BSC security companies, like PeckShield and CertiK, that audit and verify different BSC tokens and dApps. Detailed security audits look for potential vulnerabilities in the code, business model, and other aspects. They also often verify the core team members, review their previous experience, or audit the project’s finances. However, these audits are not mandatory and they rarely cover new or emerging dApps. When looking for a genuine project, it’s recommended to avoid uncertified projects and always prefer projects with multiple audits from different companies.
Simply put, no. Bridges can’t stop or revert hacks or suspicious transactions. Bridges are often used by attackers to transfer the stolen assets to a different chain and decrease the chances of being caught. Currently, there are more than 10 bridges between BSC and other blockchains (like Ethereum, Bitcoin, Tron, and others) processing thousands of transactions every minute. Even for bridge operators, it’s very difficult to identify and stop suspicious transactions. Out of the recent incidents, there were 7 hacks that used the Anyswap bridge to move the stolen assets outside of the BSC blockchain.
It’s also important to note that not all bridges have introduced anti-fraud mechanisms (AML, blacklists, etc.), and many to this day don't partner with any professional chain analytics or security companies to minimize the risks.
Thanks to PeckShield, one of the major security partners within the BSC ecosystem, there’s now an easy way to report scams or suspicious projects.
Simply visit https://forms.coinholmes.com/ and enter as much information as you can.
There are many ongoing community-driven efforts aiming to increase the security of the BSC ecosystem and protect users, their funds, and their data. Security companies like PeckShield, CertiK, and others help the BSC ecosystem with auditing, threat intelligence, and security ops, and there are also individual security teams within the projects.
The BSC Core team will keep working with industry-leading security companies to introduce better infrastructure and services:
Due to the intensity of the recent incidents, we want to call for community action.
If you are a BSC user:
If you are a developer or a project, you should aim to improve your reputation and security, and build trust with your audiences by:
The last 9 months exposed that some of the critical infrastructure and services need to be rebuilt to cater to the rocketing growth of users and network activity. As a community-driven and decentralized ecosystem, BSC can survive and thrive only if all the ecosystem members come together and coordinate as a community.
The BSC ecosystem will face many challenges over the upcoming months, but building a decentralized, scalable, and secure blockchain is not easy. We’re asking for your support during these times and we welcome all your suggestions.
Session 1: Understand the security risks of blockchain - by CertiK Team
Session 2: Incident response process during and after hacks
Session 3: Project Panel - How projects respond to risks and how general users can protect themselves