Cybersecurity firms Palo Alto Networks’ Unit 42 and Wiz have reported that Coinbase was the primary target in a recent GitHub Actions supply chain attack. The attack, which began on March 14, 2025, involved the compromise of the widely used GitHub Action tj-actions/changed-files, whose version tags were retargeted to a malicious commit that dumped CI secrets into build logs. The attacker first used the compromised action in an attempt to infiltrate Coinbase’s open-source project AgentKit. However, Coinbase quickly detected the attack and thwarted the hacker’s efforts before any damage could be done.
The Attack and Coinbase’s Response:
The attacker initially launched over 20 test attempts with different code variations before targeting Coinbase. Once the company blocked the attempt, the hacker shifted tactics and pushed the malicious code to every version tag of tj-actions/changed-files, putting at risk any of the more than 23,000 repositories that use the action and ran a workflow while the tags were poisoned. Unit 42 suggests that the actual number of exposed repositories may be higher.
The Hacker’s Shift in Focus:
Following Coinbase’s defense, the hacker refocused on a larger range of GitHub users. Cybersecurity firm Endor Labs found that at least 218 repositories had leaked secrets into their public workflow logs, among them AWS credentials, npm and Docker Hub tokens, and GitHub tokens. Fortunately, most of the leaked values were short-lived GITHUB_TOKENs that expire when the workflow run ends, which limited the potential damage.
Expert Insights and Warnings:
Henrik Plate from Endor Labs noted that although the attack initially seemed severe, Coinbase’s swift action forced the hacker to pivot. Yu Jian, founder of the cybersecurity firm SlowMist, emphasized the potential severity of the attack. If successful, it could have rivaled the massive ByBit hack in February 2025, which resulted in a loss of $1.5 billion. Yu urged firms utilizing GitHub tools like tj-actions to perform regular security audits to prevent becoming future targets.
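One concrete audit that follows from the attack, as an added example that is not code from the page, from Coinbase, or from the tj-actions project: the retargeted tags only reached other people’s builds because workflows referenced the action by a mutable tag such as @v45 rather than a full commit SHA. The script below scans a workflow file for every remote action reference, classifies the ref as an immutable SHA or a mutable tag or branch, and flags the mutable ones. The sample workflow, the 40-character SHA in it, and the "known retagged" set are constructed for the demo.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample workflow for this example. The 40-hex SHA is a placeholder,
# not a real actions/checkout commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8f4b72d6e1c9a0b3f5d2e7c8a9b1c2d3e4f5a6b7  # v4.2.2
      - uses: tj-actions/changed-files@v45
      - uses: "reviewdog/action-setup@master"
      - uses: ./.github/actions/local-build
      - run: make test
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Action named in the article as the one whose tags were retargeted.
KNOWN_RETAGGED = {"tj-actions/changed-files"}


@dataclass
class Finding:
    line: int
    action: str
    ref: str
    kind: str  # "sha" (immutable) or "tag" / "branch" (mutable, can be retargeted)


def classify_ref(ref: str) -> str:
    """A full commit SHA cannot be moved; any other ref resolves at run time."""
    if SHA_RE.match(ref):
        return "sha"
    if re.match(r"^v?\d", ref):
        return "tag"
    return "branch"  # named branch, or no ref at all (default branch)


def audit_workflow(text: str) -> list[Finding]:
    """Return one Finding per remote action reference in the workflow text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        spec = m.group(1).strip("\"'")
        if spec.startswith(("./", "docker://")):
            continue  # local and container actions: no git tag to retarget
        action, sep, ref = spec.partition("@")
        kind = classify_ref(ref) if sep else "branch"
        findings.append(Finding(n, action, ref, kind))
    return findings


def mutable_refs(findings: list[Finding]) -> list[Finding]:
    """References an attacker who controls the action's repo could redirect."""
    return [f for f in findings if f.kind != "sha"]


def report(text: str) -> list[str]:
    """Human-readable lines, one per mutable reference, with the fix to apply."""
    out = []
    for f in mutable_refs(audit_workflow(text)):
        flag = "KNOWN RETAGGED" if f.action in KNOWN_RETAGGED else "mutable"
        ref = f.ref or "(default branch)"
        out.append(f"line {f.line}: {f.action}@{ref} [{f.kind}, {flag}] -> pin to a full commit SHA")
    return out


if __name__ == "__main__":
    for msg in report(SAMPLE_WORKFLOW):
        print(msg)
```

Run it over each file under .github/workflows and fix every flagged line by replacing the tag with the commit it currently resolves to, keeping the tag in a trailing comment for readability. Pinning only closes the tag-retargeting path: it does not protect against a compromise inside the pinned commit itself, nor against dependencies that the pinned action pulls in by mutable ref, so pair it with a minimal `permissions:` block and short-lived credentials so that a leak through build logs, like the one described above, expires before it can be used.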
Conclusion:
Thanks to Coinbase’s quick response, the attack was contained before any significant harm was done. However, cybersecurity experts continue to stress the importance of robust security measures for platforms and repositories, particularly those involving high-value assets in the crypto space.