The world’s largest crypto exchange is on the hunt for a user it says publicly posted the keys to its crypto kingdom. In court documents first filed April 7, Binance asked the court to grant a subpoena against GitHub, trying to find any information about a user whom the company said had leaked excerpts of the Binance source code online.
Matthew Keys at The Desk first reported on the apparent code leak. According to an email chain provided in the court docs, the crypto exchange originally sent Microsoft-owned GitHub a notice under the Digital Millennium Copyright Act in late March, saying a user going by “bonald” posted the exchange’s copyrighted code. The code repository company responded saying that Binance’s supposed data was “no longer available.”
According to the docs, Melanie Peker, senior legal council for Binance, asked the court to sign a subpoena that would supply the exchange bonald’s real name, address, phone number, email, and any other identifying information.
The GitHub page Binance links to in its original email no longer exists. The bonald GitHub account named in the court documents does not contain any mention of Binance code. The account has few followers, and according to the user’s activity he hasn’t posted any other code repositories since late last year. It’s unclear what portions of Binance’s source code appeared online and how many people downloaded those files before they were taken down.
The crypto exchange has yet to publicly comment on the alleged code leak, and the courts have yet to grant Binance its subpoena, according to current court filings. Gizmodo reached out to both GitHub and Binance for comment, but we didn’t immediately hear back.
As the world’s largest crypto exchange by trading volume, Binance has every reason to fear any amount of its source code getting leaked online. Major crypto heists have racked up millions of dollars in damage in the first three months of 2023. Hackers pilfered $US197 ($273) million from crypto lending protocol Euler Finance last month. Though more and more hacks have targeted DeFi projects, especially in 2022, Binance itself has been the target of hacks. Last October, it was hit with an exploit that created crypto out of thin air. Malicious actors have also been caught deepfaking Binance execs to try and gain access to users accounts.
Around the time Binance sent its DMCA notice, the company was already reeling from a new regulatory lawsuit. The U.S. Commodities Futures Trading Commission alleged Binance had been illegally growing its user base in the country without registering its tokens. Binance CEO Changpeng Zhao argued that his company blocks U.S. users from using the wider Binance platform, and directs them to use the company’s U.S. arm Binance.US.
Binance is not the only online entity finding itself chasing after source code leaks. Twitter also asked the court to issue a subpoena to GitHub to learn who leaked portions of its source code. The courts granted Twitter’s subpoena request shortly after filing, so Binance could be hoping to receive the same treatment.