Shiba Inu quietly leaked key identifying information last month

The team behind the Shiba Inu token allegedly leaked their AWS credentials for over two days in August.

Shiba Inu AWS Credential Leak

Security firm PingSafe published an article on September 8 detailing its findings. She said that on August 22, she discovered that a commit in Shiba Inu’s public GitHub repository showed credentials tied to the project’s Amazon Web Services (AWS) account.

The leak included several pieces of data, including AWS_ACCESS_KEY and AWS_SECRET_KEY, two environment variables that allow scripts to access an AWS account. In this case, the affected code was part of a shell script used to run validation nodes for Shiba Inu’s Layer 2 network, Shibarium.

PingSafe said this error “seriously exposed the company’s AWS account” and could have led to security breaches such as theft of funds, embezzlement and service interruptions.

PingSafe added that it attempted to contact Shiba Inu and various developers via email and social media to inform them of the risk, but received no response. The security company also tried to find a bug bounty program or responsible disclosure policy, but found no way to report the issue.

The leak is no longer a risk, as the credentials became invalid after two days. The Shiba Inu team also removed the commit containing the leak following Pingsafe’s report, and newer code commits do not contain the leaked data.

Shiba Inu has not been a major target of attacks. However, broader attacks have seen the coin stolen: SHIBA was one of the assets stolen in a $611 million attack on Poly Network a year ago, while an attack on Bitmart in December resulted in the theft of $32 million in SHIBA tokens.

Shiba Inu is currently the 12th largest cryptocurrency by market capitalization, with a capitalization of $7.5 billion.

Leave a Comment