Decoding BNB Chain’s dApp Ecosystem: Risky dApps and Smart Contracts (Pt.3)
Part 3 of Decoding BNB Chain’s dApp Ecosystem takes a deeper look at key insights and statistics on risky dApps and risky smart contracts on BNB Chain. The analysis expands on the state of dApps on BNB Chain in part 2, which covered the top dApps by TVL, the most used dApps on BNB Chain, dApp revenue and earnings, dApp categories, and dApp dominance.
- Over the past 365 days, DappBay listed 1276 risky dApps and 1692 smart contracts. In the last 30 days, DappBay’s Red Alarm published 318 risky dApps and 67 risky smart contracts.
- The MAUs of the 50 most used high-risk BNB Chain dApps decreased by over 50%, from over 220K MAUs to 98.7K MAUs, over the first half of 2023.
- DeFi (32.4%), others including mining (27%), and social (11.1%) segments make up a significant portion of risky Red Alarm dApps.
- The most common dApp risk categories on DappBay include phishing (45.1%) and failed websites (21.1%). The most phished dApps and websites include Pepe, Coinbase, BNB Chain, Binance, Ethereum, Trust Wallet, and PancakeSwap.
- The most common smart contract risks include backdoor (37.2%), threat intelligence (24.3%), and centralization risk (19.2%).
- DappBay’s Risk Scanner draws on Hashdit’s API. Hashdit’s API has scanned over 10 million unique contract addresses, identifying 323,000 as high-risk.
Security on BNB Chain
DappBay contributes to the security of BNB Chain through two tools: Red Alarm and Risk Scanner. Red Alarm helps Web3 users identify risky dApps and risky smart contracts on BSC. Risk Scanner lets users scan any BSC smart contract in real time to verify its safety and see its risk level.
Part 1: Red Alarm
Red Alarm is a tool that helps users identify risky dApps and risky smart contracts on BNB Chain. The Red Alarm risky dApps and risky smart contracts are updated every week (on Friday).
Risky dApps are dApps that carry high levels of risk (or potential risk) and have one or more risk drivers. Between June 2022 and September 2023, DappBay listed 1276 risky BNB Chain dApps. According to Red Alarm dApps by category, DeFi (32.4%), others such as mining (27%), social (11.1%), games (9.8%), and tools and utility (8.6%) are the Web3 categories with the largest number of risky dApps on BNB Chain.
Risky dApps on DappBay are classified according to various risk drivers such as Ponzi scams, rug pull, phishing scam, unverified ecosystem, centralization risk, inaccessible website, high fees, backdoor function, and others (hacks, honeypots, etc.).
Based on the 1276 listed Red Alarm dApps, 574 (45.1%) dApps were listed under the phishing category, followed by 269 (21.1%) dApps under the failed website category, making ‘phishing’ and ‘failed website’ the most common dApp risk categories on DappBay.
In the first half of 2023, DappBay published a report on 50 high-risk BNB Chain dApps across multiple Web3 categories with over 220K MAUs combined. Since then, the number of MAUs for the 50 risky BNB Chain dApps has reduced by over 50% to 98.7K MAUs. Moreover, 30 out of the 50 risky dApps with the highest users recorded a decrease in month-on-month users.
Drip, a Ponzi scam that also charges investors a 10% tax, continues to be the most used high-risk dApp recording over 70K users (albeit a 10% decrease MoM) in August 2023. Drip attracts more than 4x the number of users of XEN, the second most used risky dApp on BNB Chain.
Other risky BNB Chain dApps that generate a significant number of MAUs include XEN (17.5K), Zillion Xo (3.9K), BNB Miner (2.6K), BNB Daily Finance (2.3K), Bridgers (2.2K), RealFevr (1.3K), Terkeh (0.9K), and Trip Foundation (0.6K).
Pepe Case Study: Scammers tend to target popular dApps or communities and deceive users through airdrops, minting NFTs, or signing transactions that they may not understand. One of the biggest PEPE scams saw over $7 million stolen from over 5000 victims by a wallet called Inferno Drainer (a Scam as a Service). Some examples of popular dApps and websites targeted in phishing scams include Pepe, Coinbase, BNB Chain, Binance, Ethereum, Trust Wallet, and PancakeSwap.
DappBay has helped identify over 19 risky dApps, websites, and projects that claim to be affiliates, variations, airdrops, fake tokens, or upgrades of Pepe, the meme token.
However, each time a risky platform or dApp is identified, another is set up with a slight variation in the domain name, website, smart contract address, or branding followed by a marketing push.
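The reappearance pattern described above, where a flagged site returns under a slightly varied domain name, can be checked mechanically. The following is an added example, not code from DappBay or its security providers: the brand list comes from this report, while the allowlist, the homoglyph map, the 0.85 threshold and the `.example` sample domains are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher

# Brand names from the report's list of most-phished dApps and websites.
BRANDS = ("pepe", "coinbase", "bnbchain", "binance", "ethereum",
          "trustwallet", "pancakeswap")

# Assumed normalisation: undo common digit-for-letter swaps, drop hyphens.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})


def is_allowlisted(domain, allowlist):
    """True for an allowlisted domain or any subdomain of one."""
    return any(domain == ok or domain.endswith("." + ok) for ok in allowlist)


def classify(domain, allowlist, threshold=0.85):
    """Return (brand, reason) if the domain imitates a brand, else None."""
    domain = domain.lower().rstrip(".")
    if is_allowlisted(domain, allowlist):
        return None
    # Check every label except the TLD, so brand names used as a
    # subdomain of an unrelated site are caught as well.
    for label in domain.split(".")[:-1]:
        norm = label.translate(HOMOGLYPHS)
        for brand in BRANDS:
            if brand in norm:
                return (brand, "brand-embedded")
            if SequenceMatcher(None, norm, brand).ratio() >= threshold:
                return (brand, "near-match")
    return None


def scan(domains, allowlist):
    """Map each suspicious domain to its (brand, reason) verdict."""
    hits = {}
    for d in domains:
        verdict = classify(d, allowlist)
        if verdict:
            hits[d] = verdict
    return hits


# Assumed allowlist; confirm official domains through each project's channels.
ALLOWLIST = {"pancakeswap.finance", "coinbase.com"}
# Constructed sample input using the reserved .example TLD.
SAMPLE = ["pancakeswap.finance", "app.pancakeswap.finance",
          "pancakeswap-airdrop.example", "pancakeswaap.example",
          "c0inbase.example", "trust-wallet.example", "docs.example"]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE, ALLOWLIST).items():
        print(name, verdict)
```

Substring matching on a short name such as "pepe" will produce false positives on real traffic, so hits are candidates for review rather than verdicts.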
Risky Smart Contracts
Risky smart contracts are smart contracts that carry high levels of risk and have one or more risk drivers. Risky smart contracts are classified according to risk drivers such as threat intelligence, backdoor, centralization, unverified contracts, scam (Ponzi, honeypot, fake token), funds from a mixcoin platform, affiliation with malicious addresses, and other risks.
Between June 2022 and September 2023, DappBay listed 1692 risky BNB Chain smart contracts. 631 contracts, or 37.2% of all risky smart contracts, were listed under backdoor, indicating a risk that could lead to a rug pull and making it the most common smart contract risk.
413 contracts, or 24.3% of all risky smart contracts, were listed under threat intelligence based on either external threat intelligence or manual analysis. 324 contracts, or 19.2% of all risky smart contracts, were listed under centralization. Centralization means centralization in top token holders or centralization of privileged role functions.
Scams (11.3%), funds originating from a Mixcoin platform such as Tornado (4.2%), malicious affiliation with other risky addresses (2.7%), and unverified contracts (0.8%) make up the remaining significant risk drivers for risky smart contracts on BNB Chain.
Part 2: Risk Scanner
Risk Scanner is a Web3 tool that allows users to gauge the reference level of risk associated with a BNB Chain smart contract in real time. The risk scanner determines risk through data accessed through auto-scan tools, algorithm models, and the level of transparency and accuracy of the contract.
DappBay’s Risk Scanner draws on the APIs of security providers such as Hashdit and GoPlus. Hashdit has scanned over 10 million unique contract addresses, identifying 323,000 as high-risk. Users get a risk rating between 1-5, the type of risk, risk providers, and other risk details.
PancakeSwap integrated DappBay’s Risk Scanner API into the trade and swap features. When a user adds a BSC token contract to trade on PancakeSwap, the user can get a risk rating on PancakeSwap with the risk details on DappBay’s Risk Scanner.
Stay tuned for deeper insights into BAB and dApps utilizing BAB in part 4 including use cases, benefits, mint statistics, mints by dApps and project.
This report was developed by DappBay and TK Research.