Changpeng Zhao has urged developers to immediately review and replace exposed credentials following reports that hackers may have gained access to GitHub repositories during an ongoing security incident involving the developer platform.
If you have API keys in your code, even private repos, now is the time to double check and change them… https://t.co/DhzATRTyNQ
— CZ 🔶 BNB (@cz_binance) May 20, 2026
His warning comes after GitHub disclosed unauthorized access to internal repositories linked to a compromised employee device infected through a malicious Visual Studio Code (VS Code) extension.
“If you have API keys in your code, even private repos, now is the time to double-check and change them,” CZ said, highlighting growing concerns over developer security risks.
GitHub links incident to malicious VS code extension
GitHub disclosed that it detected and contained the incident on Tuesday after identifying a compromised employee device linked to a poisoned VS Code extension.
According to the company, the malicious extension version was removed immediately, the affected endpoint was isolated, and an internal incident response process was launched.
The incident has drawn attention within the crypto industry due to GitHub’s central role in hosting blockchain projects, smart contracts, wallet tools, and exchange infrastructure. Many crypto teams also store development environments and deployment configurations on private repositories.
Hackers claim access to thousands of private repositories
A hacking group known as TeamPCP has reportedly claimed responsibility for the breach and allegedly attempted to sell GitHub-related data online.
The group claimed it obtained around 4,000 private repositories connected to GitHub’s main platform and internal organizations.
Security researchers have described TeamPCP as an advanced group focused on compromising developer tools to harvest credentials and gain access to sensitive environments.
Meanwhile, A highly targeted and newly discovered phishing operation, named “OpenClaw,” is actively attempting to steal high-value crypto assets by compromising the cryptocurrency wallets of skilled developers who use GitHub
Supply-Chain attacks add pressure on developer security
The GitHub incident follows a separate supply-chain attack disclosed by Grafana Labs, where attackers reportedly accessed the company’s GitHub repositories and downloaded parts of its codebase before issuing a ransom demand.
The latest events also come weeks after the disclosure of critical GitHub vulnerability CVE-2026-3854 by Wiz Research, which exposed repositories across affected servers, further intensifying security concerns around developer platforms.
Enjoyed this? Bookmark DeFi Planet, explore related topics, and follow us on Twitter, LinkedIn, Facebook, Instagram, Threads, and CoinMarketCap Community for seamless access to high-quality industry insights
Take control of your crypto portfolio with DEFI PLANET PRO, DeFi Planet’s suite of analytics tools
