DeFi security incidents are frequent, how can BSC clear the gloom?

The BSC ecosystem continues to grow, and DeFi+NFT is the new expectation for June.

This past May, the entire crypto market was shrouded in “gloom”. Bitcoin at one point fell to the $30,000 mark, a drop of more than half from its previous high, tokens of all kinds fell with it, and DeFi projects, the vanguard of this bull market, suffered a collective setback.

The BSC on-chain ecosystem was not spared either: Defistation data showed that its on-chain locked value dropped to $26.66 billion, compared to $53.63 billion on May 11. In addition to the recent overall decline in the market, the successive security incidents on the BSC chain have also dealt a major blow to user confidence in BSC’s DeFi projects.

After a series of DeFi security incidents, what countermeasures has BSC taken? And with the NFT market gradually recovering and Binance's NFT trading platform about to launch, will BSC be able to sweep away the gloom of May?

DeFi flash loan attacks are frequent and BSC “takes the blame”
On June 5, security agency PeckShield warned that BurgerSwap, the first automated market maker on the BSC chain, had been hit by a flash loan attack again, only a week after the last attack. Losses included 1.4 million USDT, 432,000 BURGER and other tokens. An official compensation plan was then released, airdropping new cBURGER tokens to eligible users. One week apart, the same project on the BSC chain was hacked twice in quick succession, both times through flash loans.

BurgerSwap was not alone. PANews found from public statistics that several projects on the BSC chain, such as Spartan Protocol, PancakeBunny, Bogged Finance, AutoShark, JulSwap and Belt Finance, were also hit by flash loan attacks to varying degrees in May, and the amount lost accounted for 35% of all assets lost in security incidents on the BSC chain that month.

Those who know DeFi know that flash loans are not meant to be a tool for evil. They are an innovation: a way to lend without collateral or guarantee. The borrower must repay the loan and interest before the blockchain transaction ends. If not, the whole transaction is reverted and the borrowed funds are returned as they were, as if the loan had never happened. The flash loan uses the properties of the blockchain to achieve something that cannot be done in traditional finance.

Platforms that offer flash loans, such as Uniswap and PancakeSwap, only lend the funds and recover them plus interest; the platform does not interfere with what the funds are used for in between. Since the loan must be completed in the same transaction in which it was issued, the borrower has to call other smart contracts to put the borrowed funds to use instantly, before the transaction closes.
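
The repay-or-revert rule described above can be modelled in a few lines of Python. This is an added illustration, not code from any lending platform: the `ToyChain` ledger, the account names and the 0.09% fee are assumptions made for the example.

```python
import copy

class Reverted(Exception):
    """Raised when a transaction fails; all of its state changes are discarded."""

class ToyChain:
    """Hypothetical ledger (assumption for this example): balances by account name."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise Reverted(f"{src} has insufficient funds")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def execute(self, tx):
        """Run tx atomically: keep the result on success, restore the snapshot on revert."""
        snapshot = copy.deepcopy(self.balances)
        try:
            tx(self)
            return True
        except Reverted:
            self.balances = snapshot
            return False

FEE_BPS = 9  # assumed fee of 0.09%, a constructed value

def flash_loan(chain, borrower, amount, callback):
    """Lend without collateral, hand control to the borrower, then demand principal + fee."""
    before = chain.balances["pool"]
    chain.transfer("pool", borrower, amount)
    callback(chain)                      # the pool does not care what happens here
    fee = amount * FEE_BPS // 10_000
    if chain.balances["pool"] < before + fee:
        raise Reverted("loan not repaid within the transaction")

def run_loan_demo():
    chain = ToyChain({"pool": 1_000_000, "alice": 1_000, "bob": 0})  # constructed balances
    repay = lambda c: c.transfer("alice", "pool", 500_000 + 450)     # principal + fee
    keep = lambda c: c.transfer("alice", "bob", 500_000)             # never repays
    ok = chain.execute(lambda c: flash_loan(c, "alice", 500_000, repay))
    after_ok = dict(chain.balances)
    bad = chain.execute(lambda c: flash_loan(c, "alice", 500_000, keep))
    return ok, after_ok, bad, dict(chain.balances)

if __name__ == "__main__":
    print(run_loan_demo())
```

The second call moves the funds to another account and never repays, so the final check fails and every balance, including the transfer to `bob`, is rolled back.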

Anyone can initiate a flash loan transaction, as long as a workable strategy exists at that moment. The cost to the initiator consists of gas fees, transaction fees, slippage and so on. Once a weakness in a project is found, a flash loan gives the attacker a large amount of capital for a very short time, which serves as the working capital of the attack, either to exploit a code vulnerability or to manipulate pricing and profit from the resulting arbitrage.

Regarding the recent spate of flash loan attacks, BSC officials said that the chain has been targeted by an organized team of hackers. BSC also called on all DApps on the chain to guard against risks. It suggested that projects work with auditing companies on health checks and, in the case of forked projects, repeatedly check the changes made relative to the original version; that they take the necessary risk control measures, actively monitor for anomalies in real time and suspend the protocol promptly once an anomaly occurs; that they draw up contingency plans for the worst-case scenario; and that, if conditions allow, they set up a vulnerability bounty program.

Because several DeFi security incidents have occurred on BSC, some users have begun to question BSC itself, and some even believe the incidents stem from a security vulnerability in BSC.

Samy Karim, Coordinator of Business and Ecosystem Development at Binance, also responded, “BSC is a public, license-free infrastructure on which anyone can deploy projects, including malicious participants and hackers, and the DeFi vulnerability is not new and definitely not unique to BSC.”

There have been no security incidents or hacks on BSC itself, and the fact that some dApps have been attacked is not enough to call BSC insecure. Other public chains are also hacked to a greater or lesser degree, and a whole public chain cannot be written off because of individual projects built on it. Moreover, dApp development is still at an early stage, and technology, products and security all need continuous iteration and updating.

In fact, it is because the DeFi ecosystem on Binance Smart Chain is so rich that it is being attacked more and more frequently, and in a way BSC is very similar to Ethereum last year. According to PeckShield's 2020 security incident statistics, the number of DeFi security incidents on Ethereum reached 60 for the year, with over $250 million in losses, far exceeding the 2019 figures. Flash loan attacks were again the worst-hit category, followed by reentrancy attacks and others.

Hacking attacks are profitable due to the BSC ecosystem boom
The BSC ecosystem is currently booming and profitable, so it has become a key target for hackers.

In fact, as early as 2019, Binance launched its first public chain, Binance Chain, which also features high throughput but lacks virtual machine and smart contract support, so it is mainly used to run Binance DEX and some other native DApps.

In contrast, Binance Smart Chain (BSC), launched in 2020, is compatible with the Ethereum Virtual Machine (EVM) and supports smart contracts. Developers can easily migrate DApps from Ethereum to BSC with minimal configuration, avoiding the high transaction fees on the Ethereum chain.

BSC has developed considerably this year, and its advantages are becoming obvious in terms of on-chain project ecosystem, total number of users, and user activity. According to bscproject data, as of June 6 the BSC ecosystem covers many fields such as DeFi, NFT, tools and infrastructure, with 637 projects and 76,468,636 addresses on the chain. The number of transactions on BSC that day reached 4,447,832, which is 392% of the figure for Ethereum, at only 1,134,526. In addition, CryptoDep data shows that 9 out of the 10 dapps with the most active users in the past 30 days were deployed on BSC.

The rapid rise of BSC is inseparable from its low gas fees and fast transfers, which greatly improve the user experience. The blockchain industry has many public chains with high performance and low fees. BSC not only has these characteristics but also has the support of Binance and the wealth effect that comes with it; even the founder of FTX, SBF, has close to $2 billion in DeFi assets on BSC.

In terms of DeFi, BSC's share of on-chain locked value was as high as 26% and is currently 18.6%. In terms of DEX 24-hour trading volume, the BSC ecosystem project PancakeSwap has long surpassed Uniswap, SushiSwap and other leading Ethereum DEXs, and its May volume reached $156.48 billion, accounting for 49% of total DEX trading volume. Even outside the BSC ecosystem, PancakeSwap’s position is hard to shake.

The more prosperous the BSC ecosystem is, the stronger the Matthew effect of its on-chain asset pooling will be, and when hundreds of projects with millions of users flood in, they become extremely easy targets for hackers and scammers. But as with the development of ecosystem projects on Ethereum, the projects may become more robust after going through this period of security vulnerabilities, and the BSC ecosystem may flourish further.

Projects need to master the inner logic of “Lego combination” to hold the security line
The frequent flash loan attacks on the BSC chain have at times led the community to associate the words “flash loan” with something negative, and may discourage developers from building on the BSC chain.

In fact, PeckShield believes that the recent spate of flash loan attacks partly stems from the fact that many projects do not understand the business logic themselves: they copy another project's code and hastily go live with a few adjustments. For example, BurgerSwap and JulSwap, which were attacked on BSC, were copies of Uniswap’s code, and AutoShark and Merlin Labs, two aggregator protocols, were copies of PancakeBunny’s code.

PeckShield recommends that new contracts be audited before going live, that projects pay attention to finding business logic vulnerabilities when combining with other DeFi products, and that they design a risk-control circuit-breaker mechanism and bring in threat intelligence and data situational-awareness services from third-party security companies to strengthen their defenses.

All DeFi protocols carry uncertainty: even if a protocol has been audited multiple times, a small update can make the audit useless, so even a small update has to be re-audited.
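
The real-time monitoring and timely suspension that BSC asks of projects, and the risk-control mechanism PeckShield recommends here, can be sketched as a price-deviation guard placed in front of any action that reads a pool price. This is an added example, not PeckShield's or any project's code: the class name, the 10% threshold, the five-block window and the pool reserves are assumptions.

```python
from collections import deque

class PriceCircuitBreaker:
    """Hypothetical guard: trips when a pool's spot price strays too far from
    the average of prices recorded at the end of previous blocks."""

    def __init__(self, max_deviation=0.10, window=5):
        self.max_deviation = max_deviation   # assumed threshold: 10%
        self.history = deque(maxlen=window)  # end-of-block prices
        self.paused = False

    def record_block(self, reserve_token, reserve_usd):
        """Call once per block with the pool reserves at block end."""
        self.history.append(reserve_usd / reserve_token)

    def check(self, reserve_token, reserve_usd):
        """Return True if the action may proceed; otherwise pause and return False."""
        if self.paused or not self.history:
            return False                     # fail closed: tripped, or no data yet
        spot = reserve_usd / reserve_token
        ref = sum(self.history) / len(self.history)
        if abs(spot - ref) / ref > self.max_deviation:
            self.paused = True               # stays paused until operators review
            return False
        return True

def swap_usd_for_token(reserve_token, reserve_usd, usd_in):
    """Constant-product pool (x * y = k), fees ignored: reserves after a buy."""
    k = reserve_token * reserve_usd
    new_usd = reserve_usd + usd_in
    return k / new_usd, new_usd

def run_breaker_demo():
    breaker = PriceCircuitBreaker()
    token, usd = 1_000_000.0, 2_000_000.0    # constructed reserves, price 2.0
    for _ in range(5):
        breaker.record_block(token, usd)
    # A small trade moves the price about 2%; a very large one moves it about 206%.
    normal = breaker.check(*swap_usd_for_token(token, usd, 20_000))
    skewed = breaker.check(*swap_usd_for_token(token, usd, 1_500_000))
    later = breaker.check(token, usd)        # price is back, breaker still paused
    return normal, skewed, later, breaker.paused

if __name__ == "__main__":
    print(run_breaker_demo())
```

The guard fails closed: once tripped it keeps refusing even after the price returns to normal, so resuming is a deliberate operator decision.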

In addition, developers may not have to worry too much about the security performance of BSC itself. According to the official introduction, the security of BSC mainly comes from two aspects. One is the security of the code, the nodes, and the blockchain itself, and the other is the security of the ecosystem.

BSC runs on open source code, which can be audited by third parties and the public. With open source code, anyone with considerable technical knowledge can review the code and assess possible vulnerabilities and threats. The BSC network, for its part, is made up of 21 elected validator nodes using the PoSA algorithm, which avoids problems such as excessive network control and abuse of power by individual validator nodes.

The BSC ecosystem, on the other hand, is composed of multiple components and multiple players, each of which faces different threats. Examples include the code, the algorithms, the validator nodes and their hardware, as well as the projects developed on BSC and the individual users who use them.

The BSC community is also currently working to further enhance the security of the ecosystem and to protect user funds and data. In addition, the BSC core team says it has joined with leading security companies in the industry to form the CryptoSafe Alliance and conduct a series of security-themed trainings; is planning the BSC CryptoSafe Community White Hat Bounty Program; will deepen its cooperation with security companies in the industry to provide more active penetration testing; and will establish a BSC SAFU fund or insurance protocol to roll out better infrastructure and services.

The ecosystem keeps growing as DeFi+NFT becomes the new expectation in June
While security alarm bells are ringing, ecosystem building needs to continue, and NFT has now become a new focus of the BSC ecosystem alongside DeFi.

In fact, Binance began positioning itself in NFT as early as last year. While DeFi was still highly popular, Binance first listed NFT-related tokens and then ran NFT airdrops for users together with BSC, such as Christmas NFT airdrops for DEGO, Alpaca City, BCA, BakerySwap and Bounce, and a blind box airdrop for “BSC Farmer’s Day”. BSC has also combined NFT with charity and launched a series of NFT volunteer incentive programs, in addition to collaborations with artists, creators and crypto-creatives.

On the NFT side, BakerySwap has also achieved strong results: its NFT platform has now minted 98,681 NFTs, with over 365,000 transactions and a transaction value of $625 million. In addition, BSC is further focusing on innovative applications of NFT and DeFi, with the recent Most Valuable Developer Round 2 (MVB II) program, under the theme of “NFT Big Bang”, in full swing.

In June, Binance's NFT trading platform, Marketplace, will go live on the 24th and will be deployed on both BSC and Ethereum. It is understood that the platform has partnered with various celebrities, such as BRIT Award winner Lewis Capaldi, visual artist Trevor Jones, e-sports team eStarPro, and footballers Irwin and Alphonso Davies, and will debut their NFT works.

With all parties paying more and more attention to security, the DeFi attack situation on the BSC chain may improve. After a period of dormancy across the whole crypto market, and with the NFT market gradually recovering and exchange-backed NFT trading platforms launching one after another, the crypto market and BSC may sweep away the earlier gloom, and users will also get to feel the appeal of combining NFT and DeFi.

Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/defi-security-incidents-are-frequent-how-can-bsc-clear-the-gloom/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.