BNB Chain has reported a substantial improvement in its security performance for Q2 2024, with total financial losses down by 87% year-over-year (YoY) to $9.2 million. The enhanced security measures implemented by BNB Chain have led to a significant decrease in both the total amount lost and the number of security incidents.

Quarterly Performance Highlights

In Q2 2024, BNB Chain experienced a total loss of $11,731,093 across 35 security incidents. This marks a 19% decrease in total losses and an 18.6% decrease in the number of incidents compared to Q1 2024. Compared to Q2 2023, there was an impressive 83.3% reduction in total losses, showcasing the effectiveness of the platform's security enhancements.

Key Incidents and Attack Vectors

Private Key Compromise: The most significant loss was incurred by ALEXLabBTC’s bridge "XLink," which suffered a $4.3 million loss due to a private key compromise.

Contract Vulnerabilities: This remains the most frequent attack vector, accounting for 20 incidents and $3,231,584 in losses.

Exit Scams: Eight incidents of exit scams resulted in $3,219,166 in losses.

Figure 1: Monthly Summary of Q2 2024 by Amount Lost and Number of Incidents

Other Vectors:

Access Control: 1 incident, $820,000 lost.

Price Manipulation: 2 incidents, $113,343 lost.

Flash Loan Attacks: 2 incidents, $47,000 lost.

Monthly Summary

April: $5,702,666 lost across 17 incidents.

May: $5,710,927 lost across 11 incidents.

June: $317,500 lost across 7 incidents.

Quarterly Comparison

Compared to Q1 2024, the total amount lost in Q2 decreased by $2,715,821, from $14,446,914 to $11,731,093, an 18.8% reduction. Similarly, the number of incidents decreased from 43 to 35, an 18.6% reduction. This decline indicates substantial progress in reducing both the financial impact and the frequency of security incidents.

Figure 2: Common Attack Vectors in Q2 2024

Industry-Wide Impact

In Q2 2024, BNB Chain's losses were part of a broader trend of decreasing incidents across the cryptocurrency industry. The overall crypto space saw a reduction in losses from $731,828,901 in Q1 to $594,274,208 in Q2, an 18.79% decrease.

Figure 3: Q1 and Q2 Comparison by Amount Lost and Number of Incidents

Notable Hacks and Recommendations

ALEXLabBTC Hack Analysis:

Date: May 14, 2024

Amount Lost: $4.3 million

Cause: Private key compromise through phishing, highlighting centralization risks.

Recommendations for DeFi Protocols:

Multisig Accounts: Transfer admin roles to multisig accounts with timelock features.

Redistribute Permissions: Distribute centralized roles among multiple sub-roles to mitigate risks.

Recommendations for Individual Investors:

Hardware Wallets: Use hardware wallets to securely store private keys offline.

Multi-Signature Wallets: Implement multi-signature wallets requiring multiple keys for transactions.

Phishing Awareness: Be vigilant against phishing attacks and avoid entering private keys on unsecured websites.

Contract Vulnerabilities: Continue to be the most frequent and impactful.

Exit Scams: Significant losses, particularly in April.

Private Key Compromises: Highlight the critical need for secure key management.

Flash Loan Attacks: Less frequent but still impactful.