Binance Smart Chain Claims DeFi Attacks ‘Organized and Targeted’

In the wake of an increasing number of hacks and attacks on Binance Smart Chain (BSC) protocols, the community is calling for action.

Binance Smart Chain has become the epicenter of DeFi crime recently with protocol after protocol falling victim to hackers exploiting weak system design and code bugs using flash loans.

The BSC community has suggested that these attacks are organized and connected. In a tweet on May 31, it called upon the projects running on the chain to be more vigilant and apply necessary risk control measures.

“There are >8 flash loan hacks recently, we believe, well-organized hackers are targeting BSC now. It is a very challenging time for the BSC community. We are calling for the actions for all the dapps.”

It would not be surprising if these attacks were coordinated. Many of the protocols running on BSC are clones of others, meaning the design and code flaws would be replicated through them.

Triple check your code

BSC suggested that projects worked with their audit companies to do another health check. It also said that if they are forked projects, double and triple check changes from the original version.

There was also advice to make a contingency plan for worst-case scenarios and set up a bounty program. A number of DeFi protocols have created compensation plans for their users in the wake of an attack. Allocating a portion of their tokens for such purposes would be a good idea under the current circumstances.

So far this year the lengthening list of BSC attacks includes PancakeBunny, Cream Finance, bEarn, Bogged Finance, Uranium Finance, Meerkat Finance, SafeMoon, Spartan Protocol, and BurgerSwap.

Binance has now turned to blockchain intelligence company CipherTrace for analytics support in order to mitigate further incursions.

Belt Finance attacked for $6M

The most recent BSC DeFi protocol to fall was Belt Finance which lost $6.3 million in a flash loan exploit over the weekend.

On May 29, an attacker created a smart contract that used PancakeSwap for flash loans and exploited the beltBUSD pool and its underlying strategy protocols. The malicious actor executed 8 transactions across various strategies to net a total profit of 6.2 million BUSD according to a blog post on the incident.

Its native token BELT has dumped over 50% this weekend in a fall to $27.65 at the time of press. It will likely not be the last BSC protocol to be exploited in this manner.