512,000 Lines, Malware, and a DMCA Mess: The Claude Code Leak Explained

Hold our virtual pinky as we walk you through a week of chaos at Anthropic. It's the kind of story where every step somehow makes things worse, and by the end you're just watching with your mouth slightly open.

In The Beginning

It started on March 31 when a security researcher noticed something strange in Anthropic's npm package for Claude Code. A 59.8MB debugging file was sitting there in the production release. Inside that map file was the entire source code. 1,900 files. 512,000 lines of TypeScript. No hacking required. Anthropic just shipped their source code with the debugger attached.

The Internet Does Its Thing

Within hours, the code was forked thousands of times on GitHub. Devs started digging and found things Anthropic probably wished stayed indoors. An always-on assistant called KAIROS. A virtual pet system named Buddy with 18 species and 1% rare drops. An *Undercover Mode* that automatically scrubs AI fingerprints from commits when Anthropic employees contribute to open source. A model codenamed Capybara (possibly Claude Mythos) that wasn't supposed to see daylight yet. Cool stuff.

Takedown Showdown

Anthropic's legal team fired back with DMCA takedowns. But someone got a little too trigger happy. Instead of targeting just the leaked repos, their request accidentally wiped out thousands of unrelated repos. Forks, mirrors, anything even loosely connected. Legitimate open source projects vanished overnight. Devs woke up to find their work gone, and a public apology from a company exec came soon after. GitHub restored most of them, but the damage was already done.

The Scavengers Arrive

While Anthropic was busy playing whack-a-mole with takedowns, hackers saw dollar signs. They spun up fake GitHub repos pretending to offer the leaked Claude Code source. Click download, get malware instead. One fake repo managed to get hundreds of forks and stars before it was taken down. The attackers even had the audacity to claim they'd *rebuilt the entire build system from scratch* to make the leak workable. Classic.

The Escape Hatch

Then came the part that’s much harder to control: the rebuilds. A dev fed the entire TypeScript codebase into AI tools and had them rewrite it in Python, creating a working clone with no original TypeScript left. No copyright violation. Anthropic's DMCA notices couldn't touch it because there was nothing left of the original. Then someone else rewrote it in Rust. The code had escaped, and there was nothing Anthropic could do about it.

What's Lost (And What Isn't)

The timing is bad. Anthropic is reportedly preparing for an IPO, and investors are now looking at a company that leaked its source code twice in one year (a similar source map issue happened in February 2025 too), and we're only in April. There'll be some awkward questions in their next funding round.

The code is out there now. It's not going back up the git pipeline. Can anyone actually use it without Anthropic's backend infrastructure? That's the real value. Competitors can copy the architecture, but they can't copy what makes Claude, Claude.

That's the timeline, for now. You can let go of our pinky.