Binance claims GitHub code leak poses 'negligible' risk to users
The code leak contained cached GitHub repositories with infrastructure diagrams, passwords, and authentication details.
Share this article
Binance has refuted claims made by a January 31st report from 404 Media in which details of a GitHub code leak were disclosed. According to Binance, the information revealed in the report was outdated and unusable.
The report said that cached GitHub repositories contained infrastructure diagrams, passwords, and authentication details. The report noted that these had been exposed in GitHub “for months” and contained information on Binance’s internal processes for multi-factor authentication.
In January 24, Binance petitioned to remove these through a takedown request, citing how these could cause confusion and financial harm to the exchange and its users. Binance is pursuing legal action against the GitHub user who originally posted the code.
In the request, Binance claimed that these details “[poses] significant risk” and were posted without authorization.
The leak contained “[our client’s] internal code, which poses a significant risk to Binance, and causes severe financial harm to Binance and user’s confusion/harm,” the exchange said in the takedown request.
Binance has since changed its stance, saying that the code is not comparable to production versions of its system. The crypto exchange said the leak no longer risks platform-level security and usability.
According to Binance, the code was scrubbed to alleviate fears over private data leaks and was no longer useful to any malicious third-party actors.
The code leak comes amid growing regulatory challenges for the exchange. The exchange recently entered a plea deal with the US Department of Justice, agreeing to pay $4.3 billion in fines. More recently, victims of an attack by Hamas sued Binance for allegedly assisting sanctioned organizations. These developments come amid the exchange rebounding its revenues and claiming a 52.6% dominance in spot markets.