Author| Peter Editor | Tong Producer | PANews
In the past month, the crypto market experienced a difficult time. Bitcoin dropped to $30,000, losing half of its peak values and so did the other tokens.Nascent and leading DeFi Projects also followed the bear slip., On June 6th, Debank published a report on how the DeFi TVL on Ethereum public chain was $86.66 billion, and it had dropped by 35% from the peak value of $132.33 billion on May 11th. BSC ecosystem was no exception to this! Defistation data showed that the TVL has dropped to $26.66 billion, reducing by 50% from peak value of $53.6 billion on May 10th. Besides the overall market slump, the frequent security incidents on BSC have also compromised users’ confidence in the DeFi projects building on top of BSC.
BSC mistakenly blamed for DeFi flash loan attacks
On June 5th ,security organization PeckShield sounded the alarm that the first AMM on BSC, BurgerSwap, had encountered flash loan attacks again, only one week after the last one, which happened on May 28th. BurgerSwap encountered the first flash attack with 4400 WBNB (worth $7 million), 1.4 million USDTs and 432,000 BURGERs were stolen. A compensation plan was issued officially to airdrop new token cBURGER to qualified users. One week later, the same project on BSC was attacked again (the same flash loan attack).
According to open statistics from PANews, not only BurgerSwap, many projects on BSC, including Spartan Protocol , PancakeBunny , Bogged Finance , AutoShark, JulSwap and Belt Financealso also encountered flash loan attacks in May on BSC, and the loss of value accounted for 35% of all assets losses due to security issues on BSC.
DeFi users know that flash loans are not tools for bad actors, it is an innovative form of lending in a mortgage-free and vouch-free way. The borrower should pay back the loans and interest before the blockchain transaction completes, if not, the transaction will not be recorded into the block and the lended capital will be returned, just like the lending has never happened. Flash loans leverage the unique features of blockchain technologies to realize something that traditional finance cannot do.
For flash loan platforms such as Uniswap and PancakeSwap, they are lending the capital and receiving both the capital and interests, and they will not interfere with what the capitals are used for during the process. Since the lending smart contract has to be completed in the same lending transaction, the lender has to use other smart contracts to help it conduct immediate transactions with the lending capital before the transaction ends.
Anyone can initiate a flash loan transaction as long as the strategies are applicable at the time. The initiator costs include: gas fees, transaction fees and slippages. Attackers who have spotted the vulnerabilities of the project can provide a huge amount of capital in a very short time as the attack costs, and then leverage the code bugs to attack or to manipulate the price for arbitrage.
Regarding the frequent flash loan attacks, BSC stated how they might have become the target of an organized group of bad actors. For this, BSC called for risk prevention measures for on-chain DApps, and suggested on-chain projects to cooperate with audit companies for health checks. Forked projects should double-check the updates based on the original versions and adopt necessary risk-control measures for real-time monitoring, so that once abnormal conditions occur, the protocol can be paused timely. The project should also make emergency plans to prepare for the worst scenario. When conditions permit, bounty reward plans may be rolled out.
Since quite a few of the DeFi Security incidents happened on BSC, some users have doubts on BSC and even thought that the cause was the security bugs of BSC.
BSC Ecosystem Project Coordinator, Samy K. said, “BSC is a public permission-less infrastructure, anyone can deploy projects on it, including bad actors and hackers. It is not unusual for DeFi projects to have bugs, and this is not unique to BSC.”
Judging from attacks on Dapps, it is hard to come to the conclusion that is happening solely on BSC.. There are a lot of public chains that encounter attacks, and we can not conclude that the whole public chain is not safe just because some projects on it get attacked. Furthermore, dApps are still in the early stage of development and they still need continuous upgrading and evolution in the technology, product and security aspects.
In fact, BSC is facing a higher frequency of attacks because its DeFi ecosystem is getting more prosperous. To some extent, BSC is very similar to Ethereum last year. According to the security incident statistics in 2020 released by PeckShield, there were 60 DeFi security accidents on Ethereum, causing over $250 million of loss, much higher than the statistics in 2019. And flash loan attacks remain the No.1 cause of security issues and the reentrancy attack.
BSC’s growth has attracted more hackers
BSC has become a key attack target due to the prosperity of its ecosystem.
In fact, as early as in 2019, Binance launched the first public chain (Binance Chain), which is also of high throughput. However, due to lack of support for virtual machines and smart contracts, Binance Chain was used for the operation of Binance DEX and some other native DApps.
In 2020, Binance Chain’s community members launched BSC, which is EVM-compatible and supports smart contract. It is easy for developers to migrate their DApps on Ethereum to BSC, only requiring minimal configuration to avoid the high transaction costs on Ethereum.
Since the beginning of this year, BSC has seen significant growth from on-chain project ecosystem to user volume and user activity, showing more of its strength. According to bscproject data, by June 6th the BSC ecosystem covers DeFi, NFTs, tools and infrastructures, with 637 projects and 76,468,636 on-chain addresses; the daily transaction volume on BSC reached 4447,832, which is 392% of that on Ethereum, which was only 1134,526. According to CryptoDep data, out of the most active 10 dapps in the last 30 days, 9 were deployed on BSC.
Low gas fees and fast transaction speed significantly improved user experience and thus contributed a lot to the rapid rise of BSC. However, while there are a lot of public chains delivering high performance and low cost, BSC may have a lot more to offer.