Since the beginning of May, the number of Exploit cases has increased significantly. Have you ever tried to compile them and see whether they share any characteristics? If not, this article may be of help to you. Let’s get started.
What is Exploit?
An Exploit is an attack on a computer system in which intruders take advantage of a specific bug or vulnerability they have discovered to break into that system.
Summary of Exploit events
First, I will summarize all Exploit events from the beginning of May to the present.
The table summarizes Exploit events by date, project name, amount lost, Exploit method (hacked or system error, operating model), whether Flash Loans were involved, and finally, the blockchain on which the project was hacked.
From the table above, we have 16 Exploits and can pick out the following patterns:
- Mostly hacked (13/16).
- Most are related to Flash Loans (9/16).
- Most are on Binance Smart Chain (BSC) (11/16).
What to draw from that?
To answer the above question, let’s take a look at some figures of Ethereum, BSC and Polygon from about April to now to see what is interesting.
Total Value Locked (TVL)
The figure below depicts the daily TVL change of the 3 ecosystems.
It can be seen that the period from early January to mid-May was BSC’s heyday, when its TVL hit a high of nearly $30B. This can be explained by the fact that Ethereum’s gas fees had been too high, forcing users to find an alternative, which was Binance Smart Chain.
Although gas fees may have cooled down around the beginning of May, the pre-existing momentum kept BSC’s TVL growing until mid-May, when it started showing signs of decline.
Profit per day also follows the same pattern as TVL, which further reinforces the fact that there are more users using BSC.
Daily Active Addresses
Once again, the active wallet metrics prove that the number of users really grew on BSC, not only from early April to early May, but even now.
Back to the main question, what can be drawn from the above data?
Why does BSC have so many Exploit events?
As mentioned, BSC emerged as the only solution to Ethereum’s high gas fees from around February 2021, as reflected in the BNB price, which started to grow strongly, as shown below. It is highly likely that the sharp increase in gas fees was due to bots competing to get their transactions into blocks, a phenomenon known as MEV (Miner Extractable Value).
Based on the data analysis, in just 90 days, BSC’s TVL increased to about $23B, while the number of active wallets increased almost 4 times over the same period, showing that BSC was really hyped. Add to that the earlier meme coin trends (Doge, Safemoon, …), and the result is one thing: more and more projects are springing up on BSC, but most of them are meme-oriented or forked from big projects to keep up with the trend.
The result of that “instant eating” has shown up in the series of Exploit cases mentioned above, with more than 60% of the incidents occurring on BSC. The reason is that these projects are coded quickly to follow the trend, without an understanding of what the project needs to do to prevent hacking.
Returning to daily revenue: despite the growth, because fees are so cheap, projects on BSC do not earn much. The most obvious sign is that BSC’s peak has not yet reached Ethereum’s low ($3.23M).
Personally, I don’t rule out the possibility that the projects themselves create these Exploit cases to bring profits to the dev team. “Users can farm with assets, devs can farm with projects” (note: this is just personal opinion).
As a result, user confidence began to decline, leading to a significant decrease in BSC’s TVL. Part of the decrease, of course, is also because Polygon is starting to grow, absorbing a portion of the TVL of both Ethereum and BSC.
And if teams keep developing in this way, it is inevitable that BSC will be hacked in the future.
Will the next victim be Polygon?
Based on the chart, it is easy to see that Polygon (MATIC) also grew very strongly between February and May, just like BNB. The reason is that the structure of BSC and Polygon is similar to Ethereum’s, so it is very easy to build a project on them, but the fees are much cheaper, so Polygon has also become an alternative to Ethereum, like BSC.
Polygon looks like a second Binance Smart Chain: the indicators all show that Polygon is in a strong state of development.
So when a new platform (Polygon) “smells easy to earn”, many speculators will develop projects quickly to make profits through rug pulls, exploitation, …
And as a matter of course, problems gradually began to appear on Polygon, with 2 unfortunate events that happened in 6 months: Iron Finance and SafeDollar. Although neither was due to a hack, both had problems because the design of the model was not thorough. In the future, I predict that the frequency of Polygon hacks will start to increase gradually if nothing improves.
Why are most hacks related to Flash Loans?
According to the above statistics, up to 56.25% of Exploit cases involve attackers using Flash Loans as a hacking tool. Many of you will wonder whether the fault lies with Flash Loans. In my opinion, the answer is no.
For those of you who do not know, Flash Loans can be said to be a great innovation in crypto, allowing users to make profits quickly. You can learn more about Flash Loans here.
In addition to making profits, users’ arbitrage trading also helps exchanges rebalance token prices, keeping market prices stable.
As I discussed in a previous article about the benefits of and interesting views on Flash Loans, Flash Loans have a profound benefit that very few people think about: filtering out weak projects.
The use of Flash Loans to hack projects has been around for a long time. Not all projects die after being hacked; some go on to develop very strongly, including Origin (OUSD). Learn more about how Origin is working to get back into the community after being hacked here.
For the reasons mentioned above, it can be said that Flash Loans are not to blame.
However, Flash Loans are a double-edged sword; the outcome depends on what the user sets out to do:
- Users who want to make a profit will use Flash Loans in a profitable way;
- Those who want to hack find a vulnerability, then use Flash Loans as the loan tool.
So is there any way to prevent this? In my opinion, there is.
Some ways to limit Exploits and damage
More detailed code
Most projects are hacked because they are forked from large projects by teams that may not fully understand the nature of the original project or the characteristics of its sector. Devs can fork Uniswap to create a new AMM project without actually understanding anything about the nature of an AMM or the factors that can harm it.
So in addition to knowing the code, project teams need knowledge related to their sector. Besides, some projects are not hacked but run into errors because of an illogical mechanism, so it is necessary to learn from previous projects.
A project may be coded very well, but that does not mean it is free of problems. Therefore, buying insurance can be considered a backup plan for compensation. Names worth mentioning include Nexus Mutual, InsurAce, …
However, this method only applies to the few projects that are covered by insurance, and most of these are already well-known projects.
New projects that are not supported by insurance can design their tokenomics to divide the project’s revenue into several portions, one of which will be used to compensate users for damage if a risk materializes.
If, luckily, no problem occurs for a long time, this money can be farmed in yield aggregators like Yearn to generate more revenue.
In addition to giving users investment opportunities, the development of blockchains brings other dangers: not only are more scam projects born, but users also face being hacked, leading to loss of assets.
As for Flash Loans, they will probably remain a feature that is retained and developed because of the benefits they bring. Therefore, to avoid being hacked through Flash Loans, it is essential that the dev team invest time and knowledge in creating a quality project.