top of page
Search
  • Writer's pictureSarah Dixon

BNB Chain Vulnerability Could Have Led to ‘A Large Loss of Funds’ Says Trading Giant Jump


In the world of cryptocurrency, security is paramount. However, despite the many measures put in place to protect digital assets, vulnerabilities can still emerge. Recently, a vulnerability in the Binance Smart Chain (BNB) has caused concerns among traders and investors, with trading giant Jump warning that it could have led to a “large loss of funds”.


This potential threat has once again highlighted the need for constant vigilance in the world of cryptocurrency and the importance of understanding the potential risks and vulnerabilities present. In this article, we will take a closer look at the BNB vulnerability and what it means for the wider world of cryptocurrency trading.


On February 10, Trading Giant Jump Crypto posted a blog post about a thorough analysis of the vulnerability discovered on BNB Chain two days earlier, which might “have resulted in a massive loss of funds.





Analysis of the BNB Chain Vulnerability

Jump Crypto, a web3 infrastructure startup, recently discovered a vulnerability in the Binance BNB Beacon Chain that could have allowed for the creation of an unlimited number of arbitrary tokens. After privately informing the BNB team, a patch was quickly developed and distributed to address the issue.


On February 10th, Jump Crypto released a report detailing the incident, as part of its ongoing efforts to improve security measures in the cryptocurrency sector. The company has been actively monitoring various networks to identify and address vulnerabilities through coordinated disclosure. In the course of these investigations, Jump Crypto has identified several minting bugs on the BNB Chain.


As per the report, the BNB Chain comprises two blockchains: the EVM-compatible Smart Chain (BSC) which is based on a fork of go-Ethereum, and the Beacon Chain which is built on Tendermint and Cosmos SDK. However, due to the complex technological structure of the BNB Chain, detecting vulnerabilities can be challenging.


The Beacon Chain uses a BNB fork on GitHub with multiple BNB-specific modifications. Moreover, it deviates from the Cosmos SDK upstream in several ways, which prompted Jump Crypto to scrutinize the differences carefully.


In addition, the identified vulnerability would have enabled an attacker to produce a virtually unlimited quantity of BNB tokens by means of a fraudulent transfer, leading to the recipient accounts receiving a considerably higher number of BNB tokens than the original amount sent by the sender.





Resolution of the BNB Chain Vulnerability by the BNB Team

Changpeng “CZ” Zhao, the CEO of Binance, expressed his appreciation on February 10th towards the security team and Jump Crypto, the trading giant, for their role in identifying a vulnerability on the BNB Chain.


CZ responded to a tweet from V, who is the head scientist at BNB Chain. According to V, the security team at Jump Crypto reported a vulnerability to Binance in the blockchain network. V mentioned that the blockchain forensics team dealt with the matter professionally.


Moreover, Changpeng Zhao, the CEO of Binance, has confirmed that their team has resolved the issue by ensuring that any overflow in the BNB calculation would lead to a transaction failure. The BNB team has solved the problem by implementing overflow-resistant arithmetic algorithms for the sdk.Coin type.


In case the Coin calculation surpasses due to the patch, Golang will trigger a panic, and the transaction will fail. The discovery of the vulnerability underscores the importance of teamwork in the cryptocurrency sector.


Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

bottom of page