BREAKING: GitHub Claims Customer Repos Safe as Binance’s Changpeng Zhao Issues Warning
Highlights
- GitHub's initial investigation reveals customer data, enterprises, organizations, or repositories are safe.
- The data breach happened due to a poisoned VS Code extension on an employee's device.
- Binance founder Changpeng Zhao urged crypto developers to rotate API keys and scan crypto repositories.
GitHub on Wednesday said the initial investigation into a security breach revealed customers’ repositories were unaffected. This comes as crypto developers move to double-check and possibly rotate API keys after Binance founder Changpeng “CZ” Zhao issued a warning.
GitHub Reveals Investigation Details After Data Breach
Microsoft-owned GitHub disclosed details of a security breach involving unauthorized access to internal repositories on May 20. It detected and contained a poisoned VS Code extension on an employee’s device.
We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
After an initial investigation, the company confirms only GitHub’s internal repositories were affected. This means customer data, enterprises, organizations, and repositories are safe, including crypto projects’ repositories.
Moreover, the company revealed that 3,800 repositories are impacted, which is consistent with the attacker’s claims. The firm added that critical secrets were rotated, with the highest-impact credentials prioritized first.
GitHub will continue to analyze logs, validate secret rotation, and monitor for any follow-on activity. It will publish a full report on the incident after completing its investigation.
Binance Founder Changpeng Zhao Issues Warning to Crypto Developers
Binance founder Changpeng “CZ” Zhao urged crypto developers to immediately rotate API keys stored in code and even in private repositories, highlighting heightened risks of crypto hacks. The crypto market saw major hacks, such as the recent Drift Protocol and KelpDAO hacks.
“If you have API keys in your code, even private repos, now is the time to double check and change them,” Changpeng Zhao warned.
This comes as GitHub confirmed the breach and started investigating unauthorized access to its internal repositories. “While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories,” the platform said earlier.
Notably, crypto developers rely heavily on GitHub for open-source or private development, storing exchange API keys, wallet credentials, and infrastructure tokens in repositories for ease of use in bots, trading scripts, DeFi protocols, and blockchain tools.
Reports indicated a threat group known as TeamPCP has claimed responsibility and is attempting to sell data from approximately 4,000 GitHub internal repositories for a minimum of $50,000.
Crypto security experts are still urging developers to rotate all keys, scan for hardcoded secrets using tools like GitHub Secret Scanning, gitleaks, or Trivy, and move away from committing keys entirely.
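The kind of check a hardcoded-secret scan performs, as an added Python example (not from the article, GitHub, or the tools named above): it flags quoted high-entropy literals assigned to credential-like names and redacts them in the output. The file names, variable names, and key values are constructed, and the regex and 3.5-bit entropy threshold are assumptions rather than the rules those tools use.

```python
import math
import re

# Quoted literal (16+ chars) assigned to a credential-like name (assumed rule).
ASSIGN = re.compile(
    r"""\b([a-z0-9_]*(?:api_?key|secret|token|passw(?:or)?d|private_?key)[a-z0-9_]*)
        \s*[:=]\s*["']([^"'\s]{16,})["']""",
    re.IGNORECASE | re.VERBOSE,
)
# Template values that should not be reported.
PLACEHOLDER = re.compile(r"your|example|changeme|xxxx|<.*>|\$\{", re.IGNORECASE)


def entropy(s):
    """Shannon entropy of s in bits per character."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan(files, min_entropy=3.5):
    """Return (path, line_no, name, redacted_value) for likely hardcoded secrets."""
    findings = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            for name, value in ASSIGN.findall(line):
                if PLACEHOLDER.search(value) or entropy(value) < min_entropy:
                    continue  # template or low-randomness value, not a real key
                # Never echo the full secret into logs or CI output.
                findings.append((path, line_no, name, value[:4] + "****"))
    return findings


# Constructed sample files; every name and value here is made up.
SAMPLE = {
    "bot/config.py": 'EXCHANGE_API_KEY = "q7Zp2LmX9vRt4KcY8bNw3HdS6fGj1AeU"\nTIMEOUT = 30\n',
    "bot/.env.example": 'EXCHANGE_API_SECRET="your-secret-goes-here-000"\n',
    "bot/trade.py": 'api_secret = os.environ["EXCHANGE_API_SECRET"]\n',
    "deploy/ci.yml": "infra_token: 'aaaaaaaaaaaaaaaaaaaaaaaa'\n",
}

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

A key deleted from the current files still exists in git history, so a hit means rotating the key at the provider, not only removing the line.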
GitHub is investigating unauthorized access to their internal repos.
If you're vibecoding with Lovable, Replit, Bolt etc, you're probably fine. The incident is about GitHub's own internal repositories, not yours.
But it doesn't hurt to check. I built a quick CLI tool that… https://t.co/GpVFjAxtAy
— Derrick (@deriq_eth) May 20, 2026