Vulnerability Discovered and Fixed in Binance’s BNB Beacon Chain
Jump Crypto, a Web3 infrastructure firm, has reported a flaw in the Binance BNB Beacon Chain that would have allowed the creation of an unlimited number of arbitrary tokens.
The BNB team was alerted to the issue, and within 24 hours, a patch had been developed and implemented. Jump Crypto detailed the vulnerability in a blog post on February 10th, explaining that it could have resulted in significant financial loss.
The Beacon Chain was built on top of Tendermint and the Cosmos SDK, but it deviated from the Cosmos SDK in several ways, which prompted extra caution in its review.
The flaw would have allowed an attacker to mint an almost unlimited number of BNB tokens through a malicious transfer, leading to destination accounts receiving a greater number of tokens than the sender intended.
The CEO of Binance, Changpeng Zhao, thanked Jump Crypto’s team for reporting the bug. In October 2022, the BNB Chain was temporarily suspended due to a cross-chain exploit that resulted in the loss of nearly $80 million worth of cryptocurrency.