If you are releasing binaries that are publicly accessible it is possible to get caught.
Statically linked binaries for example have parts of libraries embedded into them. There exists tools that can analyze the binary and try to detect signatures from a shared library in the binary.
In the past there were (and probably still are) companies who provided services to help with finding people who have linked in your code so you could take whatever action you wanted against them. I can't recall a specific company name right now but a little bit of Googling would likely bring up some examples.
