Binance GitHub Exposure: Exchange’s Code and Internal Passwords Shared on GitHub for Months
Crypto News – For months, a publicly accessible GitHub repository has held a highly sensitive cache of code, infrastructure schematics, internal passwords, and other technical material belonging to the industry leader in cryptocurrencies, Binance.
Binance was only able to get GitHub to remove the material last week, in response to a copyright takedown request, and not before other users were able to view it. The cache held a lot of information that hackers attempting to breach Binance’s systems may find helpful, even though there is no proof that the material was accessed or used by bad actors.
“This account is using our client’s internal code which poses significant risk to Binance and causes severe financial harm to Binance and user’s confusion/harm,” reads a section of the takedown request, available on GitHub.
How Did the Disclosure Happen?
One diagram, for instance, in the “Binance-infra-2.0” folder illustrates how Binance’s numerous dependencies are interconnected. The cache also contained a large number of scripts and code files. A portion of that code appears to relate to how Binance implements passwords and multi-factor authentication.
Apparent passwords for several systems tagged as “prod,” or production, were found in multiple files. Production systems are usually those that run as a component of the real site rather than in a development or demonstration environment. At least two of those appear to match the AWS servers that Binance uses. The material was uploaded to GitHub by an account named “Termf.” It is unclear whether this was a mistaken upload by a Binance staff member or whether the content was taken by an outsider who used it for malevolent purposes.
According to New Data, Binance Claims No System Leaks
Following news that some of the platform’s internal passwords had been available on GitHub for months, cryptocurrency exchange Binance has denied allegations that its data and code had been stolen.
“Users should rest assured that their data and assets remain safe on our platform,” said a Binance spokesperson.
X user “otteroooo” discovered over the weekend that KYC information belonging to Binance customers has surfaced for sale on a dark web marketplace, possibly connected to the GitHub hack. In response to the allegations, Binance’s customer service X account stated that the exchange’s security team had evaluated the risk and found that there was no such leak from Binance systems. The reply reiterated that user accounts are secure.
On the other hand, a post on a dark web forum allegedly claims to have obtained verified Binance user data. The forum post advertises the sale of personal data such as Binance users’ names, countries, and phone numbers. While the authenticity of this post has not yet been confirmed, it would represent a major security breach if true.