BNB Chain Q3 2023 report: Plato and Hertz hard forks curb attack risk, yet 126 incidents still cost over $43 million

Implementation of the Plato and Hertz hard forks on the BNB Chain helped mitigate the risk of on-chain attacks, coinciding with a sharp quarter-over-quarter drop in losses and scams, according to a Q3 security report from blockchain security firms AvengerDAO and HashDit. The assessment shows that total losses on the network fell from $69.56 million in Q2 to $43.57 million in Q3, across 126 recorded incidents, as the upgrades aimed to strengthen defenses and improve cross-ecosystem compatibility.

Technology Overview

The BNB Smart Chain (BSC) underpins one of the largest smart contract ecosystems by transaction volume and active users, drawing a broad mix of protocols seeking to deploy applications on infrastructure compatible with Ethereum Virtual Machine environments. This breadth of activity also attracts adversaries, making chain-level safeguards and coordinated threat monitoring central to the network’s resilience.

The Q3 report centers on recurring threats facing participants, including scams, hacks, and rug pulls. A rug pull occurs when a project’s developer promotes a token or application to attract capital and then abandons the effort while removing funds, leaving users with losses. Such episodes have repeatedly undermined trust and slowed adoption, which is why the report evaluates how chain upgrades and security practices are shaping outcomes.

How It Works

Plato and Hertz were activated in August as hard forks—protocol changes delivered through a software update—to adjust network rules and behavior. The report notes these upgrades were designed both to curb the likelihood of malicious activity and to broaden the BNB Chain’s interoperability with other Ethereum Virtual Machines. Together, the changes reflect a dual objective: address attack surfaces while ensuring that applications benefit from familiar tooling and environments.

The report also references the role of continuous monitoring by security organizations and independent on-chain analysts. As BNB Chain put it, “This can be attributed to the fact that Web3 Security companies and on-chain sleuths are monitoring transactions ever so closely. Hence, hackers are deterred from being blackhat as they might be traced to their real identity.” The presence of watchful defenders adds friction to exploit attempts and can raise the cost of illicit behavior.

Security Findings in Q3 2023

AvengerDAO and HashDit’s data indicate notable quarter-over-quarter progress. From Q2 to Q3, fiat-denominated losses on the BNB Chain declined from $69.56 million to $43.57 million. Within Q3, incidents aggregated to 126 cases, split between scams and hacks, with scams representing 64.20% of events and hacks accounting for 35.71%.

The temporal distribution of losses within the quarter was uneven. Most losses were concentrated in September, followed by July, and then August. While the report does not enumerate each case, it highlights both the changing pace of incidents and the categories most frequently targeted.

The mix of affected projects also reveals where adversaries concentrated their efforts. MEV-related initiatives experienced the most attacks, followed by GameFi and Gambling projects. This targeting reflects the surface area of applications that handle frequent value transfers and user interactions—environments where a single vulnerability can escalate quickly.

Several high-profile incidents punctuated the period. The report cites a $6.2 million loss linked to CoinEx and a $17.8 million loss on Stake.com, a crypto-gambling protocol that enables wagering across a variety of games. Although the individual circumstances vary, these events illustrate how a combination of user-facing applications and financial operations can become focal points for attackers.

The report also quantifies the effect of the August upgrades in broad terms. It records a 75% reduction in scams on the network and a 43% decrease in hacks, contextualizing these declines alongside a narrative of heightened vigilance by security firms and on-chain investigators. While upgrades are not a panacea, the interplay between protocol changes and active monitoring is presented as a factor contributing to the downward trend.

Industry Impact

Comparative data from the same report situate the BNB Chain’s experience within the wider landscape. Across chains, Ethereum and Tron collectively accounted for 70% of all scam incidents during the period, while BNB Chain recorded 30% fewer incidents than Ethereum in Q3. Even so, measured on a year-to-date basis at the report’s timeframe, the BNB Smart Chain still represented the highest number of cases overall—a reminder that short-term improvement coexists with a larger body of incidents accumulated over the year.

For users and developers, the findings underscore the importance of security considerations at multiple layers: protocol design, application development, and real-time threat intelligence. Reductions in losses and incident counts can bolster confidence, but persistent exposure in absolute terms keeps risk management at the forefront of building and using decentralized applications.

Future Implications

The BNB Chain Core Development Team indicated that its efforts are aimed at sustaining the observed reductions in hacks and scams. In remarks shared with AMBCrypto, the team emphasized the continued relevance of third-party security collaborators: “Hashdit and AvengerDAO committees are at the forefront of crypto security and have seen a steady increase in users and integration with major ecosystem players. They are contributing greatly to the Web3 ecosystem and crypto community with these reports, empowering users and developers with essential security knowledge to make informed decisions.”

Looking ahead from the report’s perspective, the combination of protocol-level adjustments, compatibility with EVM tooling, and active surveillance by specialized firms and independent analysts presents a layered approach to defense. For a high-throughput chain that hosts a wide array of applications, each component—hard forks to refine the rules of the network, shared security intelligence to raise attacker visibility, and ongoing evaluation to identify patterns—contributes to a security posture that can adapt as adversaries evolve.

By anchoring its Q3 narrative in concrete outcomes—lower aggregate losses, fewer scams and hacks, and clearer hotspots by sector—the report frames Plato and Hertz not merely as upgrades, but as part of a coordinated effort to harden the BNB Chain while preserving the developer experience expected of EVM-compatible environments. That interplay between technical change and operational vigilance will likely continue to shape how the network manages risk as participation grows.