Shiba Inu Credential Leak Could Have Lead to “Theft, Token Misappropriation, Service Disruption”

Shiba Inu Credential Leak Could Have Lead to “Theft, Token Misappropriation, Service Disruption”

Shiba Inu Credential Leak Could Have Lead to “Theft, Token Misappropriation, Service Disruption”

Key learning points

  • Security firm PingSafe discovered that the Shiba Inu token development team had leaked its AWS credentials in August.
  • The leaked credentials were valid for two days; they have since been removed from the project’s GitHub repo.
  • While the issue has been resolved, PingSafe has not received a response after contacting the Shiba Inu team.

share this article

The team behind Shiba Inu token (SHIBA) reportedly leaked its AWS credentials for more than two days in August.

Shiba Inu Leaked AWS Credentials

Shiba Inu quietly leaked key data last month.

Security firm PingSafe published a report with the findings on September 8. It said it discovered on Aug. 22 that a commit in Shiba Inu’s public GitHub repository showed credentials related to the project’s Amazon Web Services (AWS) account.

The leak included various data, including AWS_ACCESS_KEY and AWS_SECRET_KEY, two environment variables that allow scripts to access an AWS account. In this case, the affected code was part of a shell script used to run validator nodes for Shiba Inu’s Layer 2 network, Shibarium.

PingSafe said the flaw “seriously exposed the company’s AWS account” and could have led to security breaches such as money theft, embezzlement, and service interruptions.

PingSafe added that it tried to contact Shiba Inu and various developers via email and social networks to inform them of the risk, but received no response. The security company also tried to find a bug bounty program or a responsible disclosure policy, but found no way to report the issue.

The leak no longer poses a risk, as the credentials became invalid after two days. The Shiba Inu team also removed the commit containing the leak after Pingsafe’s report, and more recent code commits do not include the leaked data.

Shiba Inu has not been a prime target for attacks. However, wider attacks have stolen the coin: SHIBA was one of the assets stolen a year ago in a $611 million attack on Poly Network, while a December attack on Bitmart stole $32 million of the SHIBA token. .

Shiba Inu is currently the 12th largest cryptocurrency by market capitalization, with a capitalization of $7.5 billion.

Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies.

share this article

Leave a Reply

Your email address will not be published.