Security firm PingSafe accused Shiba Inu’s development team of leaking Amazon Web Services credentials in August, putting the entire project in jeopardy over the course of two days. The team has remained silent on the matter.
Shiba Inu leaked AWS credentials
Security firm PingSafe published a report on September 8 detailing its findings. The company said that on August 22, it discovered a commit in Shiba Inu’s public GitHub repository displaying credentials related to the project’s Amazon Web Services (AWS) account.
The leak included several pieces of data, including AWS_ACCESS_KEY and AWS_SECRET_KEY, two data that allowed the script to access the AWS account. In this case, the affected code is part of a shell script used to run authentication nodes for Shiba Inu’s layer 2 network, Shibarium.
PingSafe said that the bug “exposed the company’s AWS account” and could lead to security breaches such as money theft, embezzlement, and service interruptions. PingSafe added that it tried to contact Shiba Inu and various developers via email and social media to inform them about the risk but received no response. The security company also tried to look for bug bounty programs or responsible disclosure policies but found no means to report the problem.
The leak was no longer a risk, as the credentials were no longer valid after two days. The Shiba Inu team also removed the commitment containing leaks following Pingsafe’s report, and more recent code commitments contained no leaked data.
Shiba Inu is not a prime target of attacks. However, broader attacks have brought the coin down: SHIB was an asset stolen in a $611 million attack on Poly Network a year ago, while an attack on Bitmart in December stole $32 million in SHIB tokens.
Shiba Inu is currently the 12th largest cryptocurrency by market cap with a market cap of $7.5 billion.