Story: GitHub Hackers Want $50K for Stolen Repos and Crypto Developers Are Now Scrambling

By Evie Vavasseur

GitHub got hit. A compromised employee computer running a malicious VS Code extension gave attackers a way into the company's internal repositories, and now a group called…

GitHub confirmed the breach on its X account. Attackers got in through the tainted extension on one employee's device.

French researcher Sébastien Latombe spotted the forum listing tied to TeamPCP. The repos mentioned include ones connected to GitHub Actions, GitHub Enterprise, and Azure, among…

Binance co-founder Changpeng Zhao didn't wait around. He went straight to social media and urged crypto developers to check their API keys — even the ones sitting in private…

Aaron Shames, founder of Topaz DEX, went further and basically said storing API keys in any repository at all is the wrong move. Full stop.

Nehru's point about extension permissions is worth sitting with. VS Code extensions are everywhere in developer workflows.

The timing is rough. The crypto space is still processing the $76.7 million attack on Echo Protocol, and now a breach at one of the most widely used code storage platforms in the…

Vitalik Buterin has weighed in before on the broader question of software safety, suggesting AI could play a role in improving security through formal verification.

The challenge for developers right now is more immediate. Updating key storage practices across multiple projects isn't simple.

And it's not just crypto. GitHub serves millions of developers across every industry. But the crypto angle here is sharp because the stakes around key management are so direct.

GitHub's response has been methodical, at least from what's public. Rotating high-impact credentials first makes sense. The log review is ongoing.

The Currency Analytics
