Gate News message, March 31, Anthropic accidentally leaked 510,000 lines of source code for Claude Code in a routine npm update, including critical debugging files, exposing the complete architecture of this flagship AI coding tool. It is reported that the tool generates about $2.5 billion in recurring annual revenue for the company.
Security researcher Chaofan Shou found a source-code mapping file in the Claude Code 2.1.88 version and posted a download link on X (Twitter). The code spread quickly across GitHub within hours, accumulating tens of thousands of forks, and Anthropic subsequently issued a DMCA takedown notice. This leak happened five days after another CMS misconfiguration leaked about 3,000 internal files, including details of the unreleased “Mythos” model; within a week, two unexpected incidents have raised concerns in the market about Anthropic’s $350 billion valuation and its planned IPO in Q4 2026.
The leaked files reveal an internal feature called “Undercover Mode,” designed to prevent Claude from leaking confidential information, while also exposing 44 feature flags, the unreleased back-end daemon process KAIROS, and the internal codename “Capybara” for a Claude 4.6 variant. Anthropic said this was an inadvertent packaging error. Enterprise customers make up 80% of Claude Code revenue and now face risks of exposure to security-logic and permission-bypass techniques.
Korean-Canadian developer Sigrid Jin was reported to have cashed in on 25 billion Claude Code tokens; after the leak, he reworked the Python code and received 50,000 GitHub stars within two hours. This indicates that despite the risks posed by the leak, open-source the community’s interest in Claude Code remains extremely high.
The incident highlights the importance for AI enterprises to strengthen code security and internal permission management before an IPO, and it also serves as a reminder for investors and institutions to watch how potential technical risks affect market valuations. As Anthropic faces increased scrutiny, its prospects ahead of going public may experience significant volatility.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Criticized for freezing USDC too slowly! Circle CEO: We will definitely wait for the court’s order before freezing—refusing to freeze privately/by ourselves without authorization
Circle CEO Jeremy Allaire said the company will not proactively freeze wallet addresses unless it receives a court order or a request from law enforcement. Even amid hacker money-laundering disputes and community backlash, Circle still insists on operating in accordance with the rule of law.
Jeremy Allaire sets Circle’s law-enforcement bottom line
-----------------------------
As the global cryptocurrency market roils, Circle’s CEO Jeremy Allaire, the stablecoin issuer, delivered a clear stance on the most sensitive issue in the market at a press conference in Seoul, South Korea. He pointed out that although Circle has the technical means to freeze specific wallet addresses, unless it receives a court order or a formal instruction from law-enforcement authorities, the company will not take such action on its own.
CryptoCity1h ago
Attacker Exploiting Bridged Polkadot Vulnerability Transfers $269K to Tornado Cash
On April 15, Arkham reported that the attacker who exploited a Bridged Polkadot vulnerability transferred around $269,000 in stolen funds to Tornado Cash, complicating asset tracking.
GateNews2h ago
Bitcoin Developers Propose BIP 361 to Protect Against Quantum Computing Threats
Bitcoin developers have proposed BIP 361 to safeguard the network against quantum computer risks by freezing vulnerable addresses. The proposal includes a phased plan to transition users to quantum-safe wallets, but it has sparked debate on user control and security.
GateNews2h ago
Hackers Exploit Obsidian Plugin to Spread PHANTOMPULSE Trojan with Blockchain C2
Elastic Security Labs revealed that threat actors impersonated venture capital firms on LinkedIn and Telegram to deploy a Windows RAT named PHANTOMPULSE, using Obsidian note vaults for attacks, which Elastic Defend successfully blocked.
GateNews3h ago
Zerion Hot Wallet Loses $100K in AI-Driven Social Engineering Attack by North Korea-Linked Hackers
Zerion confirmed a recent AI-driven social engineering attack by North Korean hackers, resulting in a $100,000 loss from corporate hot wallets. User funds remain safe, and the company has taken precautionary measures. This follows another significant attack on Drift Protocol.
GateNews3h ago
CoW Swap Pauses Protocol After DNS Hijacking Drains at Least $1M in User Funds
CoW Swap suspended its protocol after DNS hijacking redirected users to a fraudulent site, resulting in over $1 million in crypto theft. The incident led to precautionary actions and user warnings, while security measures were implemented.
GateNews5h ago
