- Researchers say the main target of a recent cascading supply chain attack was Coinbase
- The cryptocurrency exchange was not compromised, but hundreds of other projects could suffer
- The attack went through a GitHub Action tool
The aim of the recent cascading supply chain attack on GitHub was to breach Coinbase, one of the most popular centralized cryptocurrency exchanges in the world, researchers said.
Cybersecurity researchers at Unit 42 (Palo Alto) and Wiz revealed the attack, pointing out that although Coinbase defended itself successfully, it is hard to call the attack a failure, since hundreds of other projects suffered as collateral damage.
Coinbase states that no damage was caused; however, another 218 repositories are believed to have been affected as a result of this attack.
No damage to Coinbase
A cascading supply chain attack is a cyberattack in which compromising one component, such as a software dependency or tool, triggers a chain reaction that spreads the breach to multiple connected systems or projects.
In this case, cybercriminals tampered with a small tool, a GitHub Action called reviewdog/action-setup@v1. It is a popular tool that helps automate tasks in software projects. How the action was compromised has not been revealed, but the attackers made the tool leak certain access codes into publicly visible logs.
They then used these codes to inject further malicious code into another widely used tool, tj-actions/changed-files. This tool is part of Coinbase's development process, and through it they tried to move into the exchange's code repository, gain deeper access and cause more havoc.
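A defender's check for the dependency chain described above, as an added example that is not part of the original article: it scans workflow text for `uses:` references and reports whether each one is pinned to a full commit SHA or to a mutable ref such as `@v1`, flagging the two actions named here. The sample workflow, the function name and the policy of treating any non-SHA ref as mutable are assumptions.

```python
import re

# Actions named in the article (lower-cased for comparison).
WATCHED = {"reviewdog/action-setup", "tj-actions/changed-files"}

# Matches `uses: owner/repo[/path]@ref`, with optional list dash and quotes.
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*['"]?([\w.-]+/[\w.-]+)(?:/[^@\s'"]+)?@([^\s'"#]+)""",
    re.IGNORECASE,
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return one finding per `uses:` line: (line_no, action, ref, pinned, watched)."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip commented-out steps
        m = USES_RE.match(line)
        if not m:
            continue  # local (./path) and docker:// references have no owner/repo@ref
        action, ref = m.group(1).lower(), m.group(2)
        pinned = bool(FULL_SHA_RE.match(ref.lower()))
        findings.append((line_no, action, ref, pinned, action in WATCHED))
    return findings


# Constructed sample workflow, not taken from any real repository.
SAMPLE = """\
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: reviewdog/action-setup@v1
      - name: changed files
        uses: TJ-Actions/changed-files@v45
      # - uses: tj-actions/changed-files@v1
"""

if __name__ == "__main__":
    for line_no, action, ref, pinned, watched in audit_workflow(SAMPLE):
        status = "pinned to commit" if pinned else "MUTABLE ref"
        flag = " [named in article]" if watched else ""
        print(f"line {line_no}: {action}@{ref}: {status}{flag}")
```

A tag or branch ref can be repointed by whoever controls the action's repository, which is why the check treats anything other than a 40-character commit SHA as mutable.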
“The attacker obtained a GitHub token with write permissions to the coinbase/agentkit repository on March 14, 2025, 15:10 UTC, less than two hours before the larger attack against tj-actions/changed-files began,” said Palo Alto Unit 42.
“We continue to share more details of our findings with Coinbase, which stated that the attack was unsuccessful in causing any damage to the agentkit project, or any other Coinbase asset,” the investigators added.
Once the threat actors realized that their attack against Coinbase was not successful, they turned to other projects, the researchers said. We do not know if any other attacks were more fruitful for criminals.
Via BleepingComputer