Recently (February 10), BNB Chain announced that Jump Crypto’s technical team helped discover a serious vulnerability in this ecosystem.
On his personal Twitter, CZ – CEO of the Binance exchange – posted a status line thanking the Jump team for the move.
Many thanks to @jump_ for reporting this bug. They got a great security team. Really appreciate it. https://t.co/bqidp5X3Y2
— CZ Binance (@cz_binance) February 10, 2023
“Thanks to the Jump team for discovering and reporting this vulnerability. They have an amazing technical team. We appreciate this support.”
According to a BNB Core team representative, the above vulnerability was reported by Jump on February 7 and was fixed after a few hours.
Yesterday (February 11), the technical team of Jump Crypto also published a detailed report related to the above issue.
We are now sharing the technical write-up of the vulnerability in @bnbchain that @_fel1x (a security researcher at @jump_) discovered and disclosed earlier this week: https://t.co/JsnUuVtGyE
— jump_crypto 🔥💃🏻 (@jump_) February 10, 2023
Accordingly, the core of the problem lies in the BNB Beacon Chain (formerly Binance Chain). This vulnerability allows unlimited minting of tokens on BNB Chain (the new name for Binance Smart Chain).
The Beacon Chain version of BNB is built on the same framework as the Cosmos SDK toolkit. However, the BNB Beacon Chain has not updated several key changes in the Cosmos SDK recently, resulting in inconsistencies with the current BNB Chain.
The version of code used by BNB Beacon Chain has differences in the way data is transmitted (Messaging) between chains, thus opening a loophole for hackers to attack and mint a bunch of tokens.
This is not the first time that the interaction between Beacon Chain and BNB Chain has had problems. Previously, the bridge of the BNB Beacon Chain was also attacked, with damage ranging from 586 million USD.
It can be said that Jump’s support move this time is very necessary and timely, helping to avoid unnecessary damage to user property.
Synthetic Kyptos
