Shiba Inu credential leak may have resulted in “theft, token misappropriation, disruption of services.”


The central theses

  • Security firm PingSafe found that the Shiba Inu token development team leaked their AWS credentials in August.
  • The leaked credentials were valid for two days; They have since been removed from the project’s GitHub repo.
  • Although the issue was resolved, PingSafe received no response after contacting Shiba Inu’s team.

Share this article

The team behind Shiba Inu Token (SHIBA) reportedly leaked their AWS credentials for more than two days in August.

Shiba Inu leaked AWS credentials

Shiba Inu secretly leaked important login credentials last month.

Security firm PingSafe released a report on September 8th detailing their findings. It said that on Aug. 22, it discovered that a commit in Shiba Inu’s public GitHub repository showed credentials related to the project’s Amazon Web Services (AWS) account.

The leak contained multiple pieces of data, including AWS_ACCESS_KEY and AWS_SECRET_KEY, two environment variables that allow scripts to access an AWS account. In this case, the affected code was part of a shell script used to run validation nodes for Shiba Inu’s Layer 2 network, Shibarium.

PingSafe said this error “seriously compromised the company’s AWS account” and could have led to security breaches such as money theft, embezzlement, and service disruptions.

PingSafe added that it tried to contact Shiba Inu and various developers via email and social media to let them know about the risk, but received no response. The security firm also tried to find a bug bounty program or responsible disclosure policy, but found no way to report the issue.

The leak no longer poses a risk as the credentials became invalid after two days. Shiba Inu’s team also deleted the commit that contained the leak, according to Pingsafe’s report, and more recent code commits do not contain the leaked data.

Shiba Inu was not a primary target of attacks. However, broader attacks have seen the coin stolen: SHIBA was an asset stolen in a $611 million attack on Poly Network a year ago, while an attack on Bitmart in December stole $32 million of the SHIBA token were stolen.

Shiba Inu is currently the 12th largest cryptocurrency by market cap, with a capitalization of $7.5 billion.

Disclosure: At the time of writing, the author of this article owned BTC, ETH, and other cryptocurrencies.

Share this article


About Author

Comments are closed.