MATCH MythicLaboratories/mythic-mainnet-beta — This repository contains a leaked Solana wallet private key (base58-encoded) committed directly in a Claude Code session transcript, alongside a hardcoded RPC endpoint. This is a classic vibe-coded project where secrets were pasted into a Claude Code conversation and committed.
MATCH MythicRapha/mythic-mainnet-beta — This repo contains a leaked Solana wallet private key (base58-encoded) committed in a Claude Code session log, where the developer pasted their private key directly into a conversation with Claude to deploy a PumpFun volume bot.
MATCH Vitthal-Agarwal/MBC — A Claude Code-built hackathon project (CLAUDE.md present) that has leaked multiple API keys and credentials directly in documentation: The Odds API key, Kalshi API key, and Polymarket API key/secret/passphrase.
MATCH KudbeeZero/GrowPodEmpirev1.0 — This Claude Code project (has CLAUDE.md) contains a leaked Algorand TestNet mnemonic seed phrase hardcoded in POST_DEPLOYMENT_CHECKLIST.md, committed directly to the repository.
MAYBE niconiahi/ethernauta — This Claude Code-built Ethereum wallet project has a hardcoded QuickNode RPC URL with an API key exposed in the README examples, but no leaked private keys or mnemonics.
MAYBE jspeer1985/dapp-website — A Claude Code-built Solana dApp Factory platform that committed a .env.backup file containing an exposed treasury private key (byte array format) to git, as documented extensively in their own audit reports.
MATCH gptcompany/evo — This repository contains a Claude Code configuration backup file (.claude_back.json) with real leaked credentials including a Gemini API key, Supabase URL, and Supabase service role key pasted directly into conversation prompts.
MATCH ph0en1x29/FT — Field service management platform built with Claude Code that has leaked Supabase credentials (URL + anon key) and multiple user account passwords hardcoded in SETUP_GUIDE.md.
MATCH SynergiaOS/SolanaGapeBot — Solana trading bot built with Claude Code that has hardcoded wallet private keys and DragonflyDB credentials directly in systemd service files within the deploy.sh script.
MATCH bitcoincatchers/alpha — A Claude-built Solana trading bot (AlphaBot) that has a hardcoded Helius RPC API key leaked directly in the source code, matching the search criteria for leaked crypto credentials in vibe-coded projects.