A new AvengerDAO report by security firm HashDit has revealed a 75% drop in the amount lost to scams on BNB Smart Chain (BSC) in the third quarter of 2023.
The figure stood at $55.4million in the second quarter, which has now dropped to $13.6m. The security firm attributed this mainly to the overall awareness among community members of the blockchain.
There has also been an uptrend in security products that alert and flag malicious websites and activities. As a result, community members get to identify scams early as they become aware of the same before the scammers can succeed.
To facilitate the same, the ‘ZhangHeng’ upgrade went live on the blockchain in the month of July. It was aimed at fixing a few bugs and patching some security issues.
The hard fork also implemented BEP-255 which brought in a new feature called asset reconciliation. Also known as the “panic” feature, this made the blockchain stop producing new blocks in case of a reconciliation error.
Developers explained the same on GitHub saying: “If a reconciliation error occurs, the blockchain will stop producing new blocks, impacting downstream services such as bridges, deposits, and withdrawals on exchanges. This drastic action is necessary to protect the chain and its users, so core developers and community members should investigate the issue as soon as possible.”
Therefore, by halting BNB Beacon Chain block production upon discovering reconciliation errors while tracking user balances, the update attempted to improve security and potentially prevent hacks like the one that was experienced in October 2022.
Last year’s $100m worth cross-chain bridge exploit happened due to a flaw in the IAVL Merkle proof verification system. This allowed the malicious hacker to steal two million $BNB.
In response to the exploit, Binance paused the system for hours and introduced a blacklist mechanism. This Binance Bridge attack was one of the biggest hacks in 2022 and its team worked thereafter to avert such instances.
Back when Binance had introduced the ‘panic’ feature to tackle exploits, it said that the change would impact “downstream services such as bridges, deposits, and withdrawals on exchanges”. However, this “drastic action” is necessary to protect the chain and its users.
Despite the recent drop in scam losses, rug pulls dominated about 67% of total losses on the blockchain in this quarter.
Rug pulls happen when a maliciously acting project entices investors with marketing efforts but does not deliver their promised products. The founders then eventually run away with investor funds. According to HashDit, this remains BSC’s most common attack vector.
The report also highlighted the prevalence of reserves and price manipulation on BSC in Q3 2023. According to the analysts, this is because hackers are exploiting “poorly designed smart contracts”.
Last month, cybersecurity analysts at 0xScope and CertiK observed threat actors preferring BNB Smart Chain contracts because it’s cheaper and is seen as having lower security than Ethereum. One of CertiK’s security researcher, Joe Green, explained this saying:
“The handling fee of BSC is much cheaper than that of ETH, but the network stability and speed are the same because each update of JavaScript Payload is very cheap, meaning there’s no financial pressure.”
