A highly sensitive cache of code, infrastructure diagrams, internal passwords, and other technical information belonging to crypto giant Binance has been sitting in a publicly accessible GitHub repository for months, investigators have revealed. This was revealed through an investigation by 404 Media. From the report: Last week, Binance successfully had Github delete the data based on a copyright takedown request, but 404 Media and others have since been able to view the data. Although there is no public evidence that this data was accessed or used by malicious parties, the cache contained a wealth of information that could be useful to hackers seeking to compromise Binance's systems.
Part of the takedown request published on GitHub states, “This account uses client internal code that poses a significant risk to Binancec, resulting in severe financial harm to Binance and user disruption/harm.” It is written as “Causing this.” Another section states that the GitHub repository “hosts and distributes leaked internal code that poses a significant risk to BINANCE.” For example, one diagram included in a folder called “binance-infra-2.0” shows the interlocking between different parts of Binance's various dependencies. The cache also contains a wealth of scripts and code. Part of that code appears to be related to how Binance implements passwords and multi-factor authentication. The code includes comments in both English and Chinese.
