The team behind Shiba Inu token (SHIBA) reportedly leaked its AWS credentials for more than two days in August.
Shiba Inu quietly leaked key credentials last month.
Security firm PingSafe published a report on September 8 detailing its findings. It said that on Aug. 22, it discovered that a commit in Shiba Inu’s public GitHub repository displayed credentials related to the project’s Amazon Web Services (AWS) account.
The leak included several pieces of data, including AWS_ACCESS_KEY and AWS_SECRET_KEY, two environment variables that allow scripts to access an AWS account. In this case, the affected code was part of a shell script used to run validator nodes for Shiba Inu’s Layer 2 network, Shibarium.
PingSafe said that this error “severely exposed the company’s AWS account” and could have led to security breaches such as theft of funds, embezzlement, and service disruptions.
PingSafe added that it attempted to contact Shiba Inu and various developers over email and social networks to inform them of the risk but did not receive a response. The security firm also tried to find a bug bounty program or responsible disclosure policy but found no means of reporting the issue.
The leak is no longer a risk, as the credentials became invalid after two days. The Shiba Inu team has also deleted the commit containing the leak following Pingsafe’s report, and more recent code commits do not contain the leaked data.
Shiba Inu has not been a major target for attacks. However, broader attacks have seen the coin stolen: SHIBA was one asset stolen in a $611 million attack on Poly Network one year ago, while an attack on Bitmart in December saw $32 million of the SHIBA token stolen.
Shiba Inu is currently the 12th largest cryptocurrency by market cap, boasting a capitalization of $7.5 billion.
Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies.
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.
Join more than 100,000 subscribers
Don’t have an account? Create one
Already have an account? Sign In
Sign In
