key takeaways
- Security firm PingSafe discovered that the development team of Shiba Inu Token leaked its AWS credentials in August.
- The leaked credentials were valid for two days; They have since been removed from the project’s GitHub repo.
- Although the issue has been resolved, PingSafe did not receive a response after contacting the Shiba Inu’s team.
Share this article
The team behind Shiba Inu Token (Shiba) allegedly leaked his AWS credentials over two days in August.
Shiba Inu Leaked AWS Credentials
The Shiba Inu quietly leaked key credentials last month.
Security firm PingSafe published a report on 8 September detailing its findings. It said that on August 22, it was discovered that a commit in the Shiba Inu’s public GitHub repository displayed credentials associated with the project’s Amazon Web Services (AWS) account.
The leak contained several pieces of data, including AWS_ACCESS_KEY and AWS_SECRET_KEY, two environment variables that allowed scripts to access the AWS account. In this case, the affected code was part of a shell script used to run validator nodes for the Shiba Inu’s Layer 2 network, Shiberium.
PingSafe said the error “severely exposed the company’s AWS account” and could lead to security breaches such as theft of funds, embezzlement and service disruption.
PingSafe said it attempted to contact the Shiba Inu and various developers over email and social networks to inform them of the risk but did not receive a response. The security firm also tried to find a bug bounty program or responsible disclosure policy, but could not find a means to report the problem.
Leakage is no longer a risk, as the credentials become invalid after two days. The Shiba Inu team has also removed the leaked commit following the PingSafe report, and the most recent code commit does not contain leaked data.
The Shiba Inu has not been a major target of attacks. However, the coin has been stolen in widespread attacks: Shiba was an asset stolen in a $611 million attack on the Poly network a year ago, while $32 million worth of Shiba tokens were stolen in an attack on Bitmart in December.
The Shiba Inu is currently the 12th largest cryptocurrency by market cap, with a capitalization of $7.5 billion.
Disclosure: At the time of writing, the author of this article owns BTC, ETH and other cryptocurrencies.