- Researchers say the main target of a recent cascading supply chain attack was Coinbase
- The cryptocurrency exchange was not compromised, but hundreds of other projects could suffer
- The attack went through a GitHub Action tool
The goal of the recent cascading supply chain attack on GitHub was to breach Coinbase, one of the most popular centralized cryptocurrency exchanges in the world, experts said.
Cybersecurity researchers from Palo Alto's Unit 42 and from Wiz revealed the attack, noting that although Coinbase successfully defended itself, it is difficult to call the attack a failure, since hundreds of other projects suffered collateral damage.
Coinbase says no damage was caused; however, 218 other repositories were reportedly affected by the attack.
No damage to Coinbase
A cascading supply chain attack is a cyber attack in which a compromised component, such as a dependency or a software tool, triggers a chain reaction that spreads the breach to several connected systems or projects.
In this case, cybercriminals tampered with a small tool, a GitHub Action called reviewdog/action-setup@v1. It is a popular tool that helps automate tasks in software projects. How the action was breached has not been revealed, but the attackers managed to make the tool disclose certain access codes in publicly visible logs.
They then used these codes to inject more malicious code into another widely used tool, called tj-actions/changed-files. This tool is part of the Coinbase development process, and through it the attackers tried to reach the exchange's code, gain deeper access and cause more damage.
“The attacker obtained a GitHub token with write permissions to the coinbase/agentkit repository on March 14, 2025, 15:10 UTC, less than two hours before the larger attack on tj-actions/changed-files,” said Palo Alto Unit 42.
“We followed up by sharing more details of our findings with Coinbase, which said that the attack failed to cause damage to the agentkit project or any other Coinbase asset,” added the researchers.
Once the threat actors realized that their attack on Coinbase had failed, they pivoted to other projects, the researchers said. It is not known whether the other attacks were more fruitful for the criminals.
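For teams checking their own exposure, the following added example (not code from the researchers or from any project named above) scans a GitHub Actions workflow file for steps that use the two actions named in this article and reports whether each reference is a full commit SHA or a movable ref such as the `@v1` tag. The sample workflow and the 40-character commit value in it are constructed placeholders, and the function and variable names are assumptions.

```python
import re

# The two actions named in the article; everything else here is illustrative.
AFFECTED = {"reviewdog/action-setup", "tj-actions/changed-files"}

# Matches a `uses: owner/repo[/path]@ref` step in a workflow file.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w.-]+)(?:/[^@\s'\"]*)?@([^\s'\"#]+)",
    re.MULTILINE,
)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

# Constructed sample input (the commit SHA is a placeholder, not a real commit).
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: reviewdog/action-setup@v1
      - name: changed files
        uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567
"""


def audit_workflow(text):
    """Return one finding per step that references an action in AFFECTED."""
    findings = []
    for match in USES_RE.finditer(text):
        action, ref = match.group(1).lower(), match.group(2)
        if action not in AFFECTED:
            continue
        findings.append({
            # Line number of the action name, counted from 1.
            "line": text.count("\n", 0, match.start(1)) + 1,
            "action": action,
            "ref": ref,
            # A full 40-hex commit SHA cannot be moved; a tag or branch can.
            "pinned_to_commit": bool(FULL_SHA_RE.fullmatch(ref)),
        })
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        kind = "commit SHA" if f["pinned_to_commit"] else "movable tag/branch"
        print(f"line {f['line']}: {f['action']}@{f['ref']} ({kind})")
```

A finding only shows that a workflow references one of these actions; whether secrets were exposed depends on which version ran and when, which has to be checked against the workflow run logs.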
Via BleepingComputer