GitHub Confirms Internal Repository Theft

CZ Warns Crypto Developers to Rotate Exposed Keys
TL;DR
- GitHub confirmed about 3,800 internal repositories were stolen after an employee installed a malicious VS Code extension.
- GitHub said it has no evidence that customer repositories, organizations, or enterprises were affected.
- Binance cofounder Changpeng “CZ” Zhao urged crypto developers to double-check and change API keys stored in code.
GitHub confirmed that roughly 3,800 internal code repositories were stolen after an employee unknowingly installed a malicious Visual Studio Code extension, while Binance cofounder Changpeng “CZ” Zhao warned crypto developers to review and change exposed API keys after the security incident.
GitHub said its current assessment limits the exfiltration to GitHub-internal repositories. The company said it had no evidence that customer information stored outside its internal repositories was affected, including customers’ own enterprises, organizations, and repositories.
The malicious extension was downloaded through Microsoft’s official marketplace ecosystem, where Visual Studio Code extensions normally add features to the editor. This poisoned version was designed to quietly exfiltrate data in the background.
GitHub said it detected and contained the compromised employee device, removed the malicious extension version, isolated the endpoint, and began incident response immediately after discovering the attack. GitHub also rotated critical credentials overnight, prioritizing the highest-risk and highest-impact secrets first while continuing to monitor infrastructure for follow-on activity.
GitHub Says Customer Repositories Were Not Known to Be Affected
GitHub said the attacker’s claim of about 3,800 repositories was “directionally consistent” with its investigation so far. Hacker group TeamPCP claimed responsibility for the breach on a black-hat cybercrime forum and allegedly sought at least $50,000 for the stolen code, with samples offered to verified buyers.
GitHub acknowledged that some internal repositories contain customer-related information, including excerpts of support interactions. GitHub said affected customers would be notified through established incident-response and notification channels if any impact is discovered.
CZ responded to the incident by telling crypto developers to review sensitive credentials stored in code, including in private repositories. He warned: “double-check and change them.”

API keys can connect applications to exchanges, wallets, cloud services, AI tools, databases, and payment systems. Exposed crypto credentials can potentially create access paths into trading systems, withdrawal functions, backend infrastructure, or sensitive user data.
FAQ
What did GitHub confirm?
GitHub confirmed roughly 3,800 internal repositories were stolen.
What caused the breach?
An employee unknowingly installed a malicious Visual Studio Code extension.
Were customer repositories affected?
GitHub said it had no evidence that customer repositories, organizations, or enterprises were affected.
What did CZ tell developers?
CZ told developers with API keys in code to “double-check and change them.”
This article has been refined and enhanced by ChatGPT.