AI Startup Says It Will Pay People $2,000 a Month to Masturbate—Yes, Really
Joi AI is hiring 'masturbation consultants' for $2,000 a month to test an AI feature.
Decrypt1 min read
'Double Check Your Keys': CZ Binance Tells Crypto Developers Following GitHub Security Incident
TL;DR
Binance cofounder CZ Zhao advised crypto developers to secure their API keys following GitHub's investigation into unauthorized access to its internal repositories. The incident involved a compromised employee device and affected 3,800 repositories.
Key points
- CZ Zhao advised developers to secure API keys.
- GitHub is investigating unauthorized access to internal repositories.
- 3,800 repositories were affected by the security breach.
- A compromised employee device was involved in the incident.
- Exposed API keys can lead to serious security risks.
Mentioned in this story
BinanceChangpeng ZhaoGitHub
Binance cofounder Changpeng "CZ" Zhao warned crypto developers in a recent tweet after GitHub said in an X post that it is investigating unauthorized access to some of its internal repositories. Responding to this information, CZ urged developers to act accordingly regarding the safety of their repositories. For those who have API keys in their code, CZ stated that there could be no better time than now to double-check and change them. This also applies to private repositories. "If you have API keys in your code, even private repos, now is the time to double-check and change them," CZ wrote.
If you have API keys in your code, even private repos, now is the time to double check and change them...
— CZ 🔶 BNB (@cz\_binance) May 20, 2026 API keys are used by developers to connect applications with exchanges, wallets, cloud services, AI tools, databases, and payment systems. In the cryptocurrency space, exposed API credentials can be dangerous as they could give access to trading systems, withdrawals, backend infrastructure, or sensitive user data. As indicated by CZ, even private repositories may not be immune to such risk.
What happened?
In a recent tweet, GitHub confirmed a security breach, saying it was investigating unauthorized access to its internal repositories. GitHub says it currently has no evidence of impact to customer information stored outside of its internal repositories (such as its customers' enterprises, organizations, and repositories), but it is closely monitoring its infrastructure for follow-on activity. In a separate tweet, GitHub shared additional details regarding its investigation into unauthorized access to its internal repositories. Yesterday, a compromise of an employee device involving a poisoned VS Code extension was detected and contained. The malicious extension version was removed, the endpoint isolated, and incident response began immediately. The current assessment indicates that the activity involved exfiltration of GitHub-internal repositories only. The investigation indicated 3,800 repositories were affected in this regard. In a swift move to curtail risk, critical secrets were rotated, with the highest-impact credentials prioritized first.
Q&A
What security incident occurred at GitHub?
GitHub is investigating unauthorized access to its internal repositories, which affected 3,800 repositories due to a compromised employee device.
Why did CZ Zhao warn developers about API keys?
CZ Zhao warned developers to double-check and change their API keys to prevent potential risks from the GitHub security breach.
What are the consequences of exposed API keys in crypto development?
Exposed API keys can grant access to trading systems, withdrawals, and sensitive user data, posing significant risks in the cryptocurrency space.
