Watch

Watch Movies

Events

Browse Events My events

Blog

Browse articles

Market

Latest Products

Pages

My Pages Liked Pages

More

Forum Explore Popular Posts Games Jobs Offers Fundings
Watch Events Market Blog My Pages See all
Finance

In August, Shiba Inu leaked AWS credentials.

User Image
655 Views

AWS Credentials Discovered on a Shiba Inu
The information on the key credentials was secretly revealed by Shiba Inu last month

 

On September 8th, the security company PingSafe presented its results in a report that was published online. On August 22, it was discovered that a contribution in Shiba Inu's public GitHub repository disclosed credentials associated to the project's Amazon Web Services (AWS) account. This was stated in the statement.

The breach contained multiple pieces of information, one of which was the AWS ACCESS KEY and AWS SECRET KEY, which are two environment variables that enable scripts to access an Amazon Web Services (AWS) account. In this particular instance, the vulnerable code was contained within a shell script that was utilized in order to operate validator nodes for Shiba Inu's Layer 2 network, Shibarium.

According to PingSafe, this mistake "severely exposed the company's AWS account" and may have resulted in a variety of security breaches including the theft of funds, embezzlement, and disruptions in service.

PingSafe stated that it had sought to contact Shiba Inu and several developers via email and various social networks in order to alert them of the risk; however, it did not receive a response from any of them. In addition, the security company looked for a bug reward program or a responsible disclosure policy, but they were unable to locate any such mechanism for reporting the problem.

After two days, the credentials were rendered useless, meaning that the breach is no longer a threat. After receiving the information from Pingsafe, the Shiba Inu team removed the commit that contained the leak from their repository, and subsequent code commits do not include the data that was compromised.

The Shiba Inu has not been the focus of a significant number of attacks. However, the coin has been taken in the course of larger-scale thefts: SHIBA was one of the assets stolen in an attack on Poly Network that cost $611 million a year ago, while an attack on Bitmart in December resulted in the theft of $32 million worth of the SHIBA token.

Shiba Inu is currently the 12th largest cryptocurrency by market cap, boasting a capitalization of $7.5 billion.

Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies

On September 8th, the security company PingSafe presented its results in a report that was published online. On August 22, it was discovered that a contribution in Shiba Inu's public GitHub repository disclosed credentials associated to the project's Amazon Web Services (AWS) account. This was stated in the statement.

The breach contained multiple pieces of information, one of which was the AWS ACCESS KEY and AWS SECRET KEY, which are two environment variables that enable scripts to access an Amazon Web Services (AWS) account. In this particular instance, the vulnerable code was contained within a shell script that was utilized in order to operate validator nodes for Shiba Inu's Layer 2 network, Shibarium.

According to PingSafe, this mistake "severely exposed the company's AWS account" and may have resulted in a variety of security breaches including the theft of funds, embezzlement, and disruptions in service.

PingSafe stated that it had sought to contact Shiba Inu and several developers via email and various social networks in order to alert them of the risk; however, it did not receive a response from any of them. In addition, the security company looked for a bug reward program or a responsible disclosure policy, but they were unable to locate any such mechanism for reporting the problem.

After two days, the credentials were rendered useless, meaning that the breach is no longer a threat. After receiving the information from Pingsafe, the Shiba Inu team removed the commit that contained the leak from their repository, and subsequent code commits do not include the data that was compromised.

The Shiba Inu has not been the focus of a significant number of attacks. However, the coin has been taken in the course of larger-scale thefts: SHIBA was one of the assets stolen in an attack on Poly Network that cost $611 million a year ago, while an attack on Bitmart in December resulted in the theft of $32 million worth of the SHIBA token.

Shiba Inu is currently the 12th largest cryptocurrency by market cap, boasting a capitalization of $7.5 billion.

Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies

Chris Eberechi

351 Blog posts

Two Significant Ukrainian Technology Retailers Are Now Accepting Bitcoin - Bitcoin Magazine Finance

Two Significant Ukrainian Technology Retailers Are Now Accepting Bitcoin - Bitcoin Magazine

Reversible blockchain transactions? Finance

Reversible blockchain transactions?

GensMarkets Review – Is GensMarkets Scam or Legit? Finance

GensMarkets Review – Is GensMarkets Scam or Legit?

Comments
Adeleke Ajibola 47 w

hmmmm

 
 
Abiola Issa Mukaila 2 yrs

cool

 
 
Eyitoni Omayuku 2 yrs

Okay

 
 
Ekene Mathias 2 yrs

Hey nice one

 
 
Humphrey Arinze Chukwu 2 yrs

Good one ☝️