demesisx@infosec.pub

demesisx@infosec.pub

cross-posted from: https://lemmy.bleh.au/post/1311371

Binance Code and Internal Passwords Exposed on GitHub for Months

Comment

I hope nobody loses their shirt over this.

Summary

Sensitive data exposed: Internal code, infrastructure diagrams, passwords, and other technical information were publicly accessible on GitHub for months.

Source unclear: Unclear if an outside hacker or Binance employee accidentally uploaded the data.

Potential risk: Information could be used by attackers to compromise Binance systems, though Binance claims “negligible risk”.

Data details: Included code related to passwords and multi-factor authentication, diagrams of internal infrastructure, and apparent production system passwords.

Binance response: Initially downplayed the leak, later acknowledged data was theirs but downplayed risk.

Current status: Data removed from GitHub via copyright takedown request.

Unclear if any malicious actors accessed the data.

Welcome to Cardano!

Cardano is a public blockchain platform. It is open-source and decentralized, with consensus achieved using proof of stake. It can facilitate peer-to-peer transactions with its internal cryptocurrency, ADA.

Cardano’s development began in 2015, led by Ethereum co-founder Charles Hoskinson. The project is overseen and supervised by the Cardano Foundation based in Zug, Switzerland. When launched in 2017, it was the largest cryptocurrency to use a proof-of-stake blockchain, which is seen as a greener alternative to proof-of-work protocols. On this community you can learn more about the project, understand its great potential and engage in the worldwide Cardano community!

**Governance: ** Cardano is controlled by three entities:

Cardano Foundation: aims to standardize and promote the ecosystem (based in Switzerland). As of 2021, Frederik Gregaard is known to be the CEO of the Cardano Foundation.

IOHK: an engineering company responsible for building the Cardano blockchain.

Emurgo: responsible for commercial applications, based in Japan.

The platform is named after Italian mathematician Gerolamo Cardano, while the cryptocurrency itself is named after the English mathematician Ada Lovelace. The Ada sub-unit is the Lovelace; one Ada = 1,000,000 Lovelaces. Cardano differentiates itself from many other cryptocurrencies by focusing on scientific research and working together with universities.

Technical design:

Atypically, Cardano does not have a white paper. Instead, it uses design principles intended to overcome issues faced by earlier cryptocurrencies such as scalability, interoperability, and regulatory compliance. Cardano claims that it overcomes problems found in other cryptocurrencies: mainly that Bitcoin is too slow and inflexible, and that Ethereum is not safe or scalable. Like Bitcoin, Cardano uses a UTXO ledger model, though it is an extended version (EUTXO) to facilitate smart contracts and scripting languages.

Cardano uses a proof-of-stake (PoS) protocol named Ouroboros; this is in contrast to Bitcoin and Ethereum, which use proof-of-work protocols (though the latter switched over in 2022). Proof-of-stake blockchains use far less energy than proof-of-work chains. This is achieved by eliminating the computing resources that a proof of work algorithm requires. In February 2021, Hoskinson estimated the Cardano network used 6 GWh annually, less than 0.01% of the 110.53 TWh used by the Bitcoin network as calculated by the University of Cambridge.

Within the Cardano platform, Ada exists on the settlement layer. This layer is similar to Bitcoin and keeps track of transactions. The second layer is the computation layer and is designed to be similar to Ethereum, enabling smart contracts and applications to run on the platform.

The cryptocurrency Ada (ADA) can be stored on Cardano’s native digital wallet named “Daedalus”. The wallet downloads a full copy of the entire Cardano blockchain transaction history. Users face the risk of losing access to funds if the wallet’s seed phrase is lost or stolen. The review in Investopedia highlighted the wallet’s security and noted the lack of: mobile support, support for other tokens, and “onramp” to purchase assets with money.

Development phases of Cardano, or “eras”, are named after notable figures in poetry and computer science: Byron, Shelley, Goguen, Basho and Voltaire. The first three stages implemented a basic blockchain, and then implemented decentralization and smart contracts. The Basho era focuses on scaling the blockchain. Voltaire, the final era, adds voting and treasury management functionality to the blockchain.

Once Voltaire is complete IOHK has said it plans to release the development of the network entirely to the community.

As with other proof-of-stake cryptocurrencies, Cardano offers “staking”, which allows token holders to set-aside (delegate) tokens to potentially “validate” transactions on the same blockchain. The quantity of tokens staked corresponds with the likelihood of being chosen to validate a transaction, and thus be rewarded by the algorithm with more of the same token. Cardano’s Daedalus wallet allows for staking. For Cardano, users participate in “staking pools” with other token-holders.