GitHub recently discovered that unauthorized access occurred to thousands of its internal code repositories. Following this, Changpeng Zhao, the founder of Binance, is urging cryptocurrency developers to update their API keys, especially those stored publicly in code repositories, as a precaution.
Summary
- GitHub confirmed unauthorized access to nearly 3,800 internal repositories after an employee device was compromised.
- Binance founder Changpeng Zhao urged developers to rotate API keys stored in private and public code repositories.
- The breach surfaced days after Grafana Labs disclosed a separate GitHub-related supply chain attack targeting its codebase.
GitHub announced Wednesday that it discovered someone gained unauthorized access through a compromised employee device. The company, owned by Microsoft, has started an internal investigation to understand what happened.
The company stated they’ve found no indication that customer data outside of GitHub’s own systems was affected.
GitHub has shared more information about the recent security breach, revealing it started with a harmful Visual Studio Code extension that was found on Tuesday. The company quickly removed the malicious extension and took steps to contain the issue after identifying the affected system.
GitHub stated that customer data and business systems were safe, but confirmed around 3,800 of its own internal repositories were affected by the incident. This number aligns with what a hacking group called TeamPCP later reported.
TeamPCP is a cybercrime group known for using automation to break into developer tools and steal login information, ultimately to make money. Recent reports suggest they tried to sell over 4,000 private code repositories that they claimed came from inside GitHub.
Given the current security landscape, Changpeng Zhao (CZ) is advising developers to check their code for accidentally revealed passwords and keys. He specifically warns that even keys kept in private projects should be updated right away.
It’s a good idea to review and update any API keys you have in your code, even if your repositories are private.
— CZ 🔶 BNB (@cz_binance) May 20, 2026
As an analyst, I’ve observed that crypto developers are deeply reliant on GitHub for pretty much everything – managing their open-source code, trading bots, blockchain apps, and DeFi tools. Unfortunately, this creates a significant security risk. These GitHub repositories frequently contain incredibly sensitive information like API keys for exchanges, access tokens for cloud services, wallet configurations, and even the scripts they use to deploy their projects. This makes them a prime target for attackers looking to exploit vulnerabilities and steal funds.
GitHub has already changed its most sensitive security keys, focusing on those that posed the biggest immediate risk. The company is still investigating the incident, carefully reviewing activity logs and watching for any further issues before publishing a complete report.
Crypto sector faces renewed repository security concerns
Just days before, Grafana Labs, a company specializing in observability, revealed it had also been targeted in a supply-chain attack. Hackers gained access to Grafana’s GitHub repositories and downloaded parts of their code, then demanded a ransom to prevent potential data leaks. This incident followed closely on the heels of a breach at GitHub itself.
Recent events have brought renewed attention to the risk of attacks targeting cryptocurrency users and developers through malicious software repositories. Earlier this year, the security firm OX Security reported a phishing scheme connected to the increasing popularity of OpenClaw, an open-source AI project that later received support from Sam Altman, an executive at OpenAI.
OX Security reports that attackers set up fake GitHub accounts and tricked developers with false promises of rewards from a non-existent cryptocurrency called $CLAW. They used discussions on GitHub to entice developers to click links that led to fake websites. These sites were designed to steal cryptocurrency from users’ wallets by prompting them to connect their wallets to malicious applications.
The researchers discovered the campaign tracked users’ online behavior using hidden JavaScript code and browser commands. It also attempted to cover its tracks by automatically deleting evidence. OX Security recommended users block related website addresses and be cautious about connecting their digital wallets to new websites.
Binance has faced previous issues with sensitive information appearing on GitHub. Back in February 2024, 404 Media reported that code and data related to Binance’s internal systems had been publicly available on the platform for several months.
The report revealed that sensitive information had been exposed, including internal blueprints, code used for security logins, and passwords for systems marked as “prod,” which likely indicates the company’s live production environment.
Binance confirmed the data leak happened, but downplayed its potential impact, claiming the exposed information presented a very small risk to users and the platform’s security. They also explained that the leaked code was outdated and didn’t reflect their current system.
Read More
- USD JPY PREDICTION
- PEPE PREDICTION. PEPE cryptocurrency
- WLFI PREDICTION. WLFI cryptocurrency
- USD RUB PREDICTION
- ZEC PREDICTION. ZEC cryptocurrency
- APT PREDICTION. APT cryptocurrency
- SOL PREDICTION. SOL cryptocurrency
- Gold Rate Forecast
- HYPE PREDICTION. HYPE cryptocurrency
- EUR USD PREDICTION
2026-05-20 09:35