Changpeng “CZ” Zhao, the CEO of Binance, has revealed that a severe vulnerability was identified and fixed by the BNB Core team early this week.
Severe Vulnerability Fixed In The BNB Chain
In a tweet on February 9, the CEO extended his thanks to the security team behind Jump Capital. Jump Crypto, on their homepage, describes themselves as a group of developers, investors, and traders who are “building the future of web3.”
According to some, the Jump Crypto security team identified a defect that would have enabled hackers to mint BNB infinitely. BNB is the governance token of the Binance ecosystem. It is critical in the BNB Smart Chain (BSC), the smart contracting layer, and the BNB Beacon Chain.
According to the Binance Chain team, the Jump Crypto team identified the flaw. They then worked with the BNB Core team toward “responsible disclosure and resolution” of the bug. The Chief Scientist of the BNB Chain thanked the team for handling the bug professionally.
2 days ago, @jump_ reported a severe vulnerability and worked with BNB Core team to fix it within hours. I am amazed by their selflessness and top-notch security team. Really appreciate the professional handling and I am glad to be involved in such a community!
— V (@v_bnbchain) February 9, 2023
Sandeep Nailwal also took note and said the Jump Crypto team has been active on the technical development front, building various solutions. A noteworthy move, he said, is their involvement in building zero-knowledge-based cross-chain bridging to layer-1 clients.
However, neither the Binance team nor the Jump Crypto team has revealed what the bug was.
The Binance Bug Bounty Program
Still, it is not immediately clear whether Jump Crypto was compensated by Binance’s bug bounty program. Presently, Binance pays out a maximum reward of $100,000 for finding bugs.
Every submitted bug, Binance claims, can be validated within a day. Also, for each identified bug, the team can pay the white hat hacker between $200 and $10,000. However, the total reward can accumulate to $100,000.
White hat hackers are free to scour Binance’s ecosystem code, including the code behind BSC and others, for flaws that are listed under Binance’s scope and can be compensated.
As of February 10, Binance said it had paid rewards for 300 vulnerabilities. There were 2,454 programmers under the Binance bug bounty program.
Last year, the BNB Chain Bridge, called the “BSC Token Hub,” was hacked for two million BNB, worth over $500 million at the time.
Hackers exploited the cross-chain bridge connecting the BNB Beacon Chain and the BNB Smart Chain by forging messages, which allowed them to mint new coins. Because the minted tokens had never existed before, there was no impact on other users’ assets.
Hackers eventually managed to steal $110 million after the majority of coins were frozen.