Binance Warns About ‘Serious Financial Damage’ from GitHub Data Leak

Binance has stated that passwords and code, visible on GitHub for months before being removed last week, could lead to “severe financial harm.” The exchange even claims the GitHub repository is “hosting and distributing leaks of internal code,” posing a significant risk to Binance.

Binance Action on Leak Data

A report from 404 Media on January 31 highlighted a cache of “highly sensitive” information, including internal passwords, code, infrastructure diagrams, and technical details related to password and multi-factor authentication implementation at Binance. 

The report suggested that the leaked data was accessible for months which could have been advantageous to hackers attempting to compromise Binance’s systems.

Binance took swift action by filing a copyright takedown request with GitHub on January 24, successfully having the files removed. 

In the takedown request, Binance highlighted the “significant risk” posed by the leaked information, emphasizing that it was unauthorized. Binance asserts that the GitHub repository is “hosting and distributing leaks of internal code, posing a significant risk to Binance.”

‘Termf’ First Identified the Issue

The account ‘Termf’ was the first to spot and bring attention to the leaks, raising immediate concerns about the possible misuse of the exposed information.

When questioned by 404 Media on January 5, Binance acknowledged the situation, stating, “We are aware that there’s an individual online claiming to have sensitive Binance information.”

Apparently, Binance has issued a takedown request with GitHub and is pursuing legal action against the user named ‘Termf.’

Binance Concerns Over User Data

In response to the situation, Binance clarified its commitment to protecting intellectual property, both past and present, and emphasized its proactive measures to prevent unnecessary confusion or unwarranted fears about the release of private data. 

It’s important to note that as of now, there is no evidence to suggest that the leaked data was accessed or utilized by malicious entities. 

The origin of the leak, whether accidental or intentional by a Binance employee or an external party, remains unknown. Binance’s swift actions aim to mitigate potential risks and uphold the security of its platform.