The Shiba Inu team leaked their AWS credentials in August

Basic Takeaways

  • Security firm PingSafe found that the Shiba Inu token development team leaked AWS credentials in August.
  • The leaked credentials were valid for two days. they have since been removed from the project’s GitHub repository.
  • Although the issue has been resolved, PingSafe did not receive a response after contacting the Shiba Inu team.

Share this article

The team behind the Shiba Inu token (SHIBA) reportedly leaked AWS credentials for more than two days in August.

Shiba Inu leaked AWS credentials

Shiba Inu quietly leaked key credentials last month.

Security firm PingSafe published a report on September 8 detailing its findings. He said that on August 22, he discovered that a commit to Shiba Inu’s public GitHub repository displayed credentials associated with the project’s Amazon Web Services (AWS) account.

The leak included several pieces of data, including AWS_ACCESS_KEY and AWS_SECRET_KEY, two environment variables that allow scripts to access an AWS account. In this case, the affected code was part of a shell script used to run validation nodes for Shiba Inu’s Layer 2 network, Shibarium.

PingSafe said this bug “severely exposed the company’s AWS account” and could lead to security breaches such as fund theft, embezzlement and service interruptions.

PingSafe added that it attempted to contact Shiba Inu and various developers via email and social media to inform them of the risk, but received no response. The security company also tried to find a bug bounty program or a responsible disclosure policy, but found no way to report the issue.

The leak is no longer a risk as the credentials were invalidated after two days. The Shiba Inu team also deleted the commit containing the leak after Pingsafe reported it, and the latest code commits do not contain the leaked data.

The Shiba Inu has not been a major target of attacks. However, in broader attacks the currency has been stolen: SHIBA was an asset stolen in a $611 million attack on the Poly Network a year ago, while an attack on Bitmart in December stole $32 million from the SHIBA token.

Shiba Inu is currently the 12th largest cryptocurrency by market capitalization, with a market capitalization of $7.5 billion.

Disclosure: At the time of writing, the author of this piece owned BTC, ETH and other cryptocurrencies.

Share this article

Leave a Comment