Binance Refutes Claims of Code Leak on GitHub, Says Information Was Outdated and Posed Negligible Risk
Cryptocurrency exchange Binance has denied reports suggesting that a “highly sensitive” cache of internal passwords and code had been exposed on GitHub for an extended period. Binance refuted the claims, asserting that the code in question was outdated and posed a “negligible risk” to users.
A report published on January 31 by 404 Media had highlighted the presence of a cache of internal information, including code, infrastructure diagrams, internal passwords, and technical details related to password handling and multifactor authentication methods employed by the exchange. The report indicated that Binance had successfully requested GitHub to remove the files through a copyright takedown request on January 24. In the takedown request, Binance had characterized the exposed information as posing a “significant risk” and being posted “without authorization.”
However, a Binance spokesperson told Cointelegraph that the individual who had shared the information on GitHub had presented outdated information. Binance’s security team confirmed that the cache did not resemble their current production code, leading the exchange to conclude that the exposed data posed a “negligible risk” to users, their assets, or the platform itself. Binance stated that the information was so outdated that it would be unusable by any third parties or malicious actors.
Binance emphasized its commitment to protecting its intellectual property, past and present, and its efforts to mitigate unnecessary confusion or unwarranted fears regarding the publication of private data. As a result, Binance had issued a takedown request with GitHub and was pursuing legal action against the user responsible for sharing the information.
It’s worth noting that Binance’s takedown request to GitHub had stated multiple times that the information was “our client’s internal code, which poses a significant risk to Binance and causes severe financial harm to Binance and user’s confusion/harm.” However, Binance did not provide further details or respond to additional questions regarding the matter.