Claude Code Leak Chaos
512,000 Lines, Malware, and a DMCA Fallout: The Claude Code Leak Explained
Anthropic accidentally leaked 512,000 lines of Claude Code source code. Then hackers used it to spread malware. Then DMCA takedowns nuked 8,000 repos. Then AI rewrote the code in Python.
Hold our virtual pinky as we walk you through a week of chaos at Anthropic. It's the kind of story where every step somehow makes things worse, and by the end you're just watching with your mouth slightly open.
In The Beginning
It started on March 31 when a security researcher noticed something strange in Anthropic's npm package for Claude Code. A 59.8MB debugging file was sitting there in the production release. Inside that map file was the entire source code. 1,900 files. 512,000 lines of TypeScript. No hacking required. Anthropic just shipped their source code with the debugger attached.
The Internet Does Its Thing
Within hours, the code was forked thousands of times on GitHub. Devs started digging and found things Anthropic probably wished stayed indoors. An always-on assistant called KAIROS. A virtual pet system named Buddy with 18 species and 1% rare drops. An *Undercover Mode* that automatically scrubs AI fingerprints from commits when Anthropic employees contribute to open source. A model codenamed Capybara (possibly Claude Mythos) that wasn't supposed to see daylight yet. Cool stuff.
Takedown Showdown
Anthropic's legal team fired back with DMCA takedowns. But someone got a little too trigger happy. Instead of targeting just the leaked repos, their request accidentally wiped out thousands of unrelated repos. Forks, mirrors, anything even loosely connected. Legitimate open source projects vanished overnight. Devs woke up to find their work gone, and a public apology from a company exec came soon after. GitHub restored most of them, but the damage was already done.
The Scavengers Arrive
While Anthropic was busy playing whack-a-mole with takedowns, hackers saw dollar signs. They spun up fake GitHub repos pretending to offer the leaked Claude Code source. Click download, get malware instead. One fake repo managed to get hundreds of forks and stars before it was taken down. The attackers even had the audacity to claim they'd *rebuilt the entire build system from scratch* to make the leak workable. Classic.
The Escape Hatch
Then came the part that’s much harder to control: the rebuilds. A dev fed the entire TypeScript codebase into AI tools and had them rewrite it in Python, creating a working clone with no original TypeScript left. No copyright violation. Anthropic's DMCA notices couldn't touch it because there was nothing left of the original. Then someone else rewrote it in Rust. The code had escaped, and there was nothing Anthropic could do about it.
What's Lost (And What Isn't)
The timing is bad. Anthropic is reportedly preparing for an IPO, and investors are now looking at a company that leaked its source code twice in one year (a similar source map issue happened in February 2025 too), and we're only in April. There'll be some awkward questions in their next funding round.
The code is out there now. It's not going back up the git pipeline. Can anyone actually use it without Anthropic's backend infrastructure? That's the real value. Competitors can copy the architecture, but they can't copy what makes Claude, Claude.
That's the timeline, for now. You can let go of our pinky.
Tags
Join the Discussion
Enjoyed this? Ask questions, share your take (hot, lukewarm, or undecided), or follow the thread with people in real time. The community’s open, join us.
Latest in Big Deal
SpaceX Is Going Public. Big Numbers. Huge.
May 21, 2026
Google Changed The Search Box. can you tell?
May 21, 2026
512,000 Lines, Malware, and a DMCA Fallout: The Claude Code Leak Explained
Apr 4, 2026
Google, Microsoft, and Friends Are Sharing Scam Intel
Mar 16, 2026
Nvidia Is Spending $26B to Train Its Own AI Models
Mar 12, 2026
