Crypto exchange Binance has refuted a report claiming a “highly sensitive” cache of internal passwords and code had been exposed on GitHub for months — arguing the code was outdated and posed a “negligible risk.”
According to a Jan. 31 report from 404 Media, there was a cache of “code, infrastructure diagrams, internal passwords, and other technical information,” including information about how the exchange carries out passwords and multifactor authentication.
The report notes that Binance successfully petitioned GitHub to scrub the files through a Jan. 24 copyright takedown request, where the exchange said the information “poses [a] significant risk” and was posted “without authorization.”
However, a Binance spokesperson told that the individual “shared very outdated information on GitHub” and that their security team confirmed the cache did not “resemble what we currently have in production.”
The information “posed negligible risk to the security of our users, their assets or our platform,” Binance added. It claimed the information was so outdated “it would be unusable by any third parties or malicious actors.”
Binance said it would protect its past or present intellectual property and aim to alleviate harm from “unnecessary confusion or unwarranted fears about the publication of private data,” hence why it issued a takedown request with GitHub and is pursuing legal action against the user.
However, Binance’s request with GitHub claims multiple times that the information is “our client’s internal code, which poses a significant risk to Binance. and causes severe financial harm to Binance and user’s confusion/harm.”
Binance did not respond to further questions on the matter.