Sensitive material belonging to crypto exchange Binance, including code and internal passwords, has reportedly been leaked on GitHub—publicly available for months.
According to 404 Media, material posted under the tag “Termf” includes code, infrastructure designs, internal passwords and other technical information. Some of the code on the website is said to be related to Binance's implementation of security measures, including passwords and multi-factor authentication (MFA).
Other content appears to include passwords for systems marked “production” that are used as part of the live site rather than in development or demo environments.
The data was removed from GitHub last week following a copyright takedown request by Binance, which confirmed that the data contained the exchange's code. The material has been available for viewing since at least January 5, when 404 Media contacted the exchange about the leaks.
Converted screenshot Binance code leaked to GitHub. Source: 404 Media
In its copyright takedown request, Binance said the leak included internal code and “poses significant risk to Binance. And will result in significant financial damage to Binance and user confusion/harm.”
A Binance spokesperson said in a statement that it is aware of the leak and that its security team has “reviewed this claim and determined that it does not match what is currently in production.” “Users should be confident that their data and assets remain secure on our platform,” he added. Binance also said the leaked data “raised a risk of harm to our users, their assets, or the platform.”
Decrypt has reached out to Binance and will update this story if the exchange responds.
Edited by Ryan Ozawa.
Stay on top of crypto news, get daily updates in your inbox.
