Crypto exchange Binance has refuted claims that its data and code had been compromised after reports that some of the platform’s internal passwords had been exposed on GitHub for months.
On Jan. 31, a publication called 404 Media claimed that a “highly sensitive cache of code,” internal passwords and other technical information had been on a public GitHub repository.
The data was removed from GitHub after Binance posted a copyright takedown request, where it claimed the internal code was posted using Binance’s IP without authorization, which posed a significant risk to the firm and could cause financial harm and confusion to its users.
At the time, a spokesperson for Binance told 404 Media that the exchange was aware of an individual claiming to have sensitive information, but that its security team had assessed that the data did not resemble anything Binance currently has in production.
“Users should rest assured that their data and assets remain safe on our platform,” said the Binance spokesperson.
Over the weekend, X user “otteroooo” noted that Binance users’ KYC data had appeared for sale on a dark web marketplace, seemingly with ties to the GitHub leak.
Binance’s customer support X account responded to the claims, saying that the crypto exchange’s security team had assessed the threat and determined that “there is no such leak from Binance systems” and reiterated that “user accounts remain safe.”
Our security team has assessed this – as they do all potential threats – and have confirmed there is no such leak from Binance systems. User accounts remains safe.
Accounts are secured through many defenses, including MFA, biometrics, authenticators, etc.
As always, we…
— Binance Customer Support (@BinanceHelpDesk) February 4, 2024