Kraken Expands Crypto Custody Services to Institutions in UK and Australia
Hacks, Rug Pulls Cost BNB Chain $1.6B Since Inception: Immunefi
As much as $1.64 billion has been lost to hacks and rug pulls since BNB Chain’s inception in 2017.
Some $368 million has been attributed to rug pulls, making it the primary target for launching nefarious tokens.
There was a reduction in losses in 2023 and 2024 following a series of hard forks to address the network’s vulnerabilities.
BNB Chain retains the dubious honor of “preferred target for rugpulls,” according to a report by bug bounty platform Immunefi.
Some $1.64 billion has been lost to hacks and rug pulls on BNB Chain since its inception seven years ago, Immunefi said. Of that, $1.27 billion has been attributed to hacks, with the remainder linked to rug pulls. A rug pull is a type of fraud that involves creating a project with the sole purpose of stealing deposited funds and abandoning the project.
In total, the report assesses 228 rug pull cases that account for $368 million, the largest of which was the $40 million DeFiAI rug pull in November 2022.
In contrast, Ethereum, the second-largest blockchain and the largest smart-contract platform, has racked up losses of $3.6 billion, but just 4.4% of that is due to rug pulls, the report said.
The primary reason BNB Chain is the most common blockchain for rug pulls – a title it’s held for more than a year – is developers using forked code, Immunefi said. It also claimed that the BNB Chain community is often lured in by “quick ways to make money.”
Still, losses dropped last year following the ZhangHeng, Plato and Hertz hard forks, which were aimed at addressing network vulnerabilities. This year saw a further reduction, with just $38 million being lost year-to-date.
The blockchain has also suffered numerous exploits and hacks, with $200 million being lost to price manipulation of the Venus Protocol’s native token in 2021, and, in 2022, DeFi protocol Qubit Finance suffered an $80 million loss after the QBridge was hacked.
BNB Chain had not replied to an email seeking comment by publication time.