The team behind Shiba Inu token (SHIBA) reportedly leaked its AWS credentials for more than two days in August.
Shiba Inu Leaked AWS Credentials
Shiba Inu quietly leaked key credentials last month.
Security firm PingSafe published a report on September 8 detailing its findings. It said that on Aug. 22, it discovered that a commit in Shiba Inu’s public GitHub repository displayed credentials related to the project’s Amazon Web Services (AWS) account.
The leak included several pieces of data, including AWS_ACCESS_KEY and AWS_SECRET_KEY, two environment variables that allow scripts to access an AWS account. In this case, the affected code was part of a shell script used to run validator nodes for Shiba Inu’s Layer 2 network, Shibarium.
PingSafe said that this error “severely exposed the company’s AWS account” and could have led to security breaches such as theft of funds, embezzlement, and service disruptions.
PingSafe added that it attempted to contact Shiba Inu and various developers over email and social networks to inform them of the risk but did not receive a response. The security firm also tried to find a bug bounty program or responsible disclosure policy but found no means of reporting the issue.
The leak is no longer a risk, as the credentials became invalid after two days. The Shiba Inu team has also deleted the commit containing the leak following Pingsafe’s report, and more recent code commits do not contain the leaked data.
Shiba Inu has not been a major target for attacks. However, broader attacks have seen the coin stolen: SHIBA was one asset stolen in a $611 million attack on Poly Network one year ago, while an attack on Bitmart in December saw $32 million of the SHIBA token stolen.
Shiba Inu is currently the 12th largest cryptocurrency by market cap, boasting a capitalization of $7.5 billion.
Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies.