Cryptocurrency exchange Binance has vehemently denied allegations of a significant security breach after a report suggested that sensitive internal information, including passwords and code, had been exposed on GitHub. The exchange argues that the information was outdated and posed minimal risk to its users and platform.
The allegations
A recent report from 404 Media raised concerns about a cache of internal information that had allegedly been exposed on GitHub, including “code, infrastructure diagrams, internal passwords, and other technical information.” The report specifically mentioned how Binance manages passwords and implements multifactor authentication.
According to the report, Binance took action on January 24 by filing a copyright takedown request with GitHub. In this request, the exchange stated that the information presented a “significant risk” and was posted “without authorization.” The move was aimed at protecting the security of Binance and its users.
Binance’s response
Binance swiftly responded to the allegations, with a spokesperson asserting that the information shared on GitHub was “very outdated” and that their security team had confirmed that it did not resemble the current production environment of the exchange.
According to Binance, the outdated information made it virtually unusable for malicious actors or third parties, minimizing the risk to user security and platform integrity.
The exchange emphasized that the exposed information “posed a negligible risk to the security of our users, their assets, or our platform.” In light of this, Binance argued that the publication of this outdated information had resulted in unnecessary confusion and unwarranted fears. Consequently, the exchange pursued a copyright takedown request with GitHub and initiated legal action against the user responsible for posting the data.
In the face of these allegations, Binance affirmed its commitment to safeguarding its intellectual property, past and present. The exchange clarified that it would not tolerate disseminating sensitive information that could harm its reputation or compromise user trust.
Binance’s request to GitHub reiterated its stance, stating that the exposed information constituted “our client’s internal code, which poses a significant risk to Binance and causes severe financial harm to Binance and user’s confusion/harm.” This firm stance reflects the exchange’s dedication to maintaining the highest standards of security and privacy for its users.