A collection of sensitive material belonging to crypto exchange Binance, including code and internal passwords, was reportedly leaked on GitHub—where it was publicly available for months.
According to 404 Media, the material, posted by an account called "Termf," included code, infrastructure diagrams, internal passwords, and other technical information. Some code available on the site is reportedly related to Binance's implementation of security measures, including passwords and multi-factor authentication (MFA).
Other material apparently included passwords for systems marked "prod," which were likely to have been used as part of the live site rather than development or demonstration environments.
The data was removed from GitHub following a copyright takedown request by Binance last week, confirming that the data contained code belonging to the exchange. The material had been available to view since at least January 5, when 404 Media contacted the exchange regarding the leaks.
In its copyright takedown request, Binance said the leak consisted of internal code that "poses significant risk to Binance. and causes severe financial harm to Binance and user's confusion/harm."
In a statement sent to Decrypt, a spokesperson for Binance said that it was aware of the leak, claiming that it was "very outdated information," that it does not resemble what the exchange currently has in production, and that it "posed negligible risk to the security of our users, their assets or our platform." The information published was "so outdated that it would be unusable by any third-parties or malicious actors," they added.
The spokesperson said that Binance issued the takedown request both to protect its intellectual property and to "alleviate any harm that could come from unnecessary confusion or unwarranted fears about the publication of private data."
Edited by Ryan Ozawa.