Coinbase fends off targeted GitHub Action attack in early-stage breach attempt
The post Coinbase fends off targeted GitHub Action attack in early-stage breach attempt appeared on BitcoinEthereumNews.com.
Security experts claim that the publicly listed exchange Coinbase was the primary target in the GitHub Action supply chain attack. According to the cybersecurity firms analyzing the incident, the attacker initially tried to compromise the Coinbase open-source project agentkit. Only after failing at this did they attack the GitHub Action and target several repositories.

Per the reports, the attacker was likely focusing on the Coinbase project so they could use it to access the exchange ecosystem and steal crypto assets. However, they failed to achieve their aim, as Coinbase detected the attack in time and mitigated its impact.

According to cybersecurity firm Wiz, its analysis of GitHub identities used in the attack shows that the attacker is active in the crypto community and likely operates from Europe or Africa.

[Figure: Timeline of the security incident (Source: Wiz)]

Although Coinbase has not publicly commented on the incident, experts claim the exchange has confirmed that it resolved it.

Expert analysis showed malicious actors injected code into “tj-actions/changed-files” to leak sensitive data from repositories running the workflow. With Coinbase stopping the targeted attack, it appeared the bad actor decided to target the popular GitHub Action with a supply chain attack.

Endor Labs discovered that the attack compromised 218 GitHub repositories, forcing them to reveal their secrets. However, the majority of the leaked information was the credentials for Amazon Web Services, npm, Dockerhub, and GitHub access install tokens. This meant the impact was smaller than earlier feared as most of the leaked secrets were GitHub tokens that expired after the workflow run was completed.

Endor Labs researcher Henrik Plate said:

“The initial scale of the supply chain attack sounded scary, considering that tens of thousands of repositories depend on the GitHub Action.”

Meanwhile, security experts are also examining the motive…
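One defensive check a repository owner can run after an incident like this, as an added example that is not part of the original article: list every third-party action a workflow file references and flag any that is not pinned to a full commit SHA, along with any use of tj-actions/changed-files. The sample workflow, its commit SHA and the `v1` tag are constructed for illustration.

```python
import re

# Matches "uses: owner/repo[/path]@ref", with an optional "- " prefix and quotes.
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*["']?(?P<action>[\w.-]+/[\w.-]+(?:/[\w./-]+)?)@(?P<ref>[^\s"'#]+)"""
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
WATCHED = {"tj-actions/changed-files"}  # the action named in the article


def audit_workflow(text, watched=WATCHED):
    """Return one finding per third-party action reference in a workflow file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue  # local (./...) and docker:// references do not match
        action, ref = m.group("action"), m.group("ref")
        repo = "/".join(action.split("/")[:2]).lower()
        findings.append({
            "line": lineno,
            "action": action,
            "ref": ref,
            "pinned": bool(FULL_SHA_RE.match(ref)),  # tags and branches are mutable
            "watched": repo in watched,
        })
    return findings


def needs_review(findings):
    """Keep references that use a mutable ref or point at a watched action."""
    return [f for f in findings if f["watched"] or not f["pinned"]]


# Constructed sample workflow; the SHA and the tag are placeholders.
SAMPLE = """\
name: ci
on: [pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - id: changed
        uses: tj-actions/changed-files@v1
      - uses: ./.github/actions/local-lint
      - run: make test
"""

if __name__ == "__main__":
    for f in needs_review(audit_workflow(SAMPLE)):
        print(f"line {f['line']}: {f['action']}@{f['ref']} pinned={f['pinned']}")
```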
Filed under: News - @ March 23, 2025 2:28 pm