
Binance's CZ warns crypto developers to rotate API keys after GitHub confirms 3,800 internal repos breached via poisoned VS Code extension. TeamPCP group claimed responsibility. Immediate credential rotation advised.
GitHub has confirmed that thousands of its internal repositories were accessed without authorization, prompting fresh warnings from Binance founder Changpeng “CZ” Zhao for crypto developers to immediately rotate API keys stored in code repositories.
In a statement published on Wednesday, the Microsoft-owned platform said it detected unauthorized access tied to the compromise of an employee device and has since launched an internal investigation into the incident. The company added that it currently has “no evidence of impact to customer information stored outside of GitHub’s internal repositories.”
Further details released by GitHub showed the breach involved a poisoned Visual Studio Code extension discovered on Tuesday. The company said the malicious extension was removed after the affected endpoint was isolated and incident response procedures were initiated.
While GitHub maintained that customer repositories and enterprise environments were not affected, the company acknowledged that roughly 3,800 internal repositories were impacted, a figure that closely matched claims later made by a hacking group known as TeamPCP.
SecurityWeek described TeamPCP as a highly automated cybercrime group that focuses on compromising developer tools to harvest credentials and generate financial gains. Reports circulating online indicated the group attempted to sell what it claimed were “4,000 repos of private code” connected to GitHub’s internal systems.
Against that backdrop, CZ urged developers to review repositories for exposed credentials, warning that API keys stored even in private codebases should be replaced immediately.
Crypto developers rely heavily on GitHub infrastructure to manage open-source projects, trading bots, blockchain applications, and decentralized finance tools. Repositories often contain exchange API credentials, cloud infrastructure tokens, wallet access configurations, and deployment scripts, making such environments attractive targets for attackers.
The attack vector in this incident was a poisoned Visual Studio Code extension, a tool many developers install without scrutiny. Once the extension was active on the compromised employee device, attackers gained access to internal GitHub repositories. The same technique could be used against external developers who install malicious extensions from the marketplace.
GitHub said it has already rotated what it described as “critical secrets,” prioritizing credentials with the highest operational risk. The company added that its investigation remains ongoing and that teams are continuing to analyze logs and monitor for follow-on activity before releasing a full incident report.
Key insight: A GitHub internal breach does not require a direct compromise of your own account to put your credentials at risk. If your API keys, cloud tokens, or wallet configurations were stored in any repository that a GitHub employee could access internally, those credentials may now be in the hands of TeamPCP.
Practical rule: Treat every API key that has ever been committed to a GitHub repository, even a private one, as compromised. Rotate them immediately. Do not wait for GitHub to confirm exposure of your specific account.
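The review-and-rotate advice above is only actionable if you know which keys ever touched the repository, including ones deleted in a later commit. The following scanner, added here as an example and not part of the article or any GitHub tooling, walks `git log -p` output and flags credential-shaped values on added lines; the AKIA and ghp_ prefixes are documented vendor formats, while the generic key=value rule, the entropy threshold, and the sample history (including its commit hashes) are constructed for illustration.

```python
import math, re
from collections import Counter
# Credential shapes that warrant rotation if they ever appear in history.
# AKIA... is the documented AWS access-key-id prefix and gh?_ the classic
# GitHub token prefix; the generic key=value rule is a heuristic (assumption).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "github_token": re.compile(r"\b(gh[pousr]_[A-Za-z0-9]{36})\b"),
    "generic_api_secret": re.compile(
        r"(?i)(?:api[_-]?(?:key|secret)|secret[_-]?key|access[_-]?token)"
        r"\s*[:=]\s*['\"]?([A-Za-z0-9/+=_\-]{20,})"),
}

def shannon_entropy(s):
    """Bits per symbol: random keys score ~5, REPLACE_ME placeholders under 3."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def scan_git_log(log_text, min_entropy=3.5):
    """Report secrets on added lines of `git log -p` output. A key deleted
    in a later commit is still reported: it lived in history, so rotate it."""
    findings, commit, path = [], None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif line.startswith("+"):  # an added line; "+++" was handled above
            for kind, pat in PATTERNS.items():
                for m in pat.finditer(line[1:]):
                    value = m.group(1)
                    if kind == "generic_api_secret" and shannon_entropy(value) < min_entropy:
                        continue  # low entropy: placeholder text, not a key
                    findings.append({"commit": commit, "path": path, "kind": kind,
                                     "redacted": f"{value[:4]}...{value[-4:]}"})
    return findings

# Constructed, abridged `git log -p`: a key committed, then "removed" later.
SAMPLE_LOG = """\
commit 1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b
+++ b/bot/config.py
+EXCHANGE_API_KEY = "mx7Qp2Lr9ZtK4vWb8NcYh3JdF6sGaE1u"
+EXCHANGE_API_SECRET = "REPLACE_ME_REPLACE_ME_REPLACE_ME"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+++ b/deploy/.env
+GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij
commit 9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c3b2a1f0e
+++ b/bot/config.py
-EXCHANGE_API_KEY = "mx7Qp2Lr9ZtK4vWb8NcYh3JdF6sGaE1u"
+EXCHANGE_API_KEY = os.environ["EXCHANGE_API_KEY"]
"""
```

Run it against `git log -p --all` on a real repository and every finding is a key to rotate, regardless of whether the current tree still contains it.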
The GitHub breach surfaced only days after observability firm Grafana Labs disclosed a separate supply-chain attack involving unauthorized access to its GitHub repositories. Grafana said attackers downloaded portions of its codebase and later issued a ransom demand tied to possible data disclosure.
Two supply-chain incidents in one week targeting the same platform signal a shift in attacker focus. Rather than breaching exchanges or wallets directly, groups like TeamPCP are targeting the development infrastructure that underpins the entire crypto ecosystem.
If attackers obtained deployment scripts or CI/CD pipeline configurations from GitHub’s internal repositories, they could potentially inject malicious code into downstream projects that rely on GitHub-hosted dependencies. The risk is not limited to credentials. It extends to code integrity.
Crypto projects that use GitHub Actions, automated build pipelines, or package registries should audit their dependency chains for any changes made between the breach date and the rotation of GitHub’s internal secrets.
The latest developments have also revived concerns around repository-based attacks targeting crypto users and developers. Back in March, security platform OX Security detailed a phishing campaign tied to the growing popularity of OpenClaw, an open-source AI agent project later backed by OpenAI executive Sam Altman.
According to OX Security, attackers created fake GitHub accounts and used issue threads to lure developers with promises of fake token allocations linked to a non-existent $CLAW token reward campaign. Victims were then redirected to fraudulent websites designed to drain crypto wallets through malicious wallet connection prompts.
Researchers said the campaign used obfuscated JavaScript files and browser-tracking commands to monitor user activity while hiding traces through built-in deletion functions. OX Security later urged users to block domains connected to the operation and avoid linking wallets to newly surfaced websites.
The TeamPCP breach and the OpenClaw campaign share a common target: developers who treat GitHub as a trusted environment. In the OpenClaw case, attackers exploited trust in GitHub issue threads. In the current breach, attackers exploited trust in the Visual Studio Code extension marketplace. Both rely on developers lowering their guard within the GitHub ecosystem.
Concerns around GitHub-hosted secrets are not new for Binance either. In February 2024, investigative outlet 404 Media reported that a cache of Binance-related code and infrastructure data had been publicly accessible on GitHub for months.
The report claimed the exposed material included internal diagrams, authentication-related code, and passwords associated with systems labeled “prod,” potentially referring to production infrastructure.
At the time, Binance acknowledged the leak but said the information posed only a “negligible risk” to users and platform security, while also stating that the exposed code no longer matched its production environment.
The table shows a consistent pattern: attackers are targeting GitHub as a vector into crypto infrastructure, not just user accounts.
GitHub has rotated critical secrets and isolated the compromised endpoint. A full incident report is pending. For crypto developers, the risk reduction comes from actions taken now, not from GitHub’s investigation.
The risk escalates if TeamPCP or another group uses the stolen credentials to compromise crypto exchange APIs, cloud infrastructure, or wallet services before developers rotate their keys. A second wave of supply-chain attacks targeting popular open-source crypto libraries would amplify the damage.
If the investigation reveals that GitHub’s customer-facing repository data was accessed despite current denials, the scope of affected projects would expand significantly. For now, GitHub maintains that only internal repositories were impacted.
The window for rotating credentials is narrow. TeamPCP has a track record of moving quickly to monetize stolen data. Every day a developer delays rotating an API key is a day the attacker could use that key to drain exchange balances or access cloud infrastructure.
GitHub’s full incident report will provide more detail on the specific repositories accessed and the duration of the unauthorized access. Until then, the conservative assumption is that any credential stored in a GitHub repository is compromised.
For developers managing trading bots, DeFi protocols, or blockchain infrastructure, the cost of rotating keys is measured in hours of work. The cost of not rotating them could be measured in lost funds.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.