Coinbase Avoids a Major Cyber Attack On Its Open-Source Toolkit

Coinbase, the largest crypto exchange in the United States, managed to escape a supply chain attack that could have compromised its open source infrastructure.

On March 23, Yu Jian, founder of the blockchain security company SlowMist, reported the incident in an X post, referring to a report by Unit 42, the Palo Alto Networks threat intelligence division.

How Coinbase stopped a major cyber attack

According to Unit 42, the attacker targeted "agentkit", an open source toolkit maintained by Coinbase that supports blockchain-based AI agents.

The threat actor forked the agentkit and onchainkit repositories on GitHub and inserted malicious code intended to exploit the continuous integration pipeline. The suspicious activity was first detected on March 14, 2025.

“The payload was focused on the exploitation of the public CI/CD flow of one of their open source projects – agentkit, probably in order to leverage it for additional compromise,” reported Unit 42.

The attacker exploited GitHub’s “write-all” permissions, which allowed the injection of harmful code into the project's automated workflow. This method could have given access to sensitive data and created a path for wider compromises.

A malicious commit targeting Coinbase. Source: Unit 42

However, Unit 42 indicated that although the payload collected sensitive information, it did not contain advanced malicious tooling such as remote code execution or reverse shell exploits.

Meanwhile, Coinbase responded quickly, collaborating with security experts to isolate the threat and apply the necessary mitigations. This rapid action helped the company avoid deeper infiltration and prevented potential damage to its infrastructure.

The stakes were high given Coinbase's position as the largest crypto exchange in the United States and a key custodian for spot Bitcoin ETFs.

A breach of this nature could have caused major disruption in the crypto industry, especially after Bybit's recent $1.4 billion security incident.

Despite the failed attempt, the attacker has since moved on to a wider campaign that is now attracting worldwide attention.

In light of this, the founder of SlowMist advised developers using GitHub Actions, in particular those working with tj-actions or reviewdog, to audit their systems and confirm that no secret has been exposed.

“If your business uses reviewdog or tj-actions, perform an in-depth self-exam,” said Yu Jian on X.
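A starting point for that audit, as an added example that is not from the article, Unit 42 or SlowMist: a small Python check that scans a workflow file for the "write-all" permission described above and for steps that use tj-actions or reviewdog actions. It goes beyond the article by also flagging those actions when they are referenced by a tag or branch rather than a full commit SHA. The sample workflow, its version tags and its SHA are constructed for illustration.

```python
import re

# Action owners named in the article's audit advice.
WATCHED_OWNERS = ("tj-actions", "reviewdog")

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+)/([\w./-]+)@([^\s'\"#]+)")
PERMS_RE = re.compile(r"^\s*permissions:\s*(\S+)?")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(text):
    """Return (line_no, finding) tuples for one workflow file's text."""
    findings, saw_permissions = [], False
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # ignore commented-out YAML
        m = PERMS_RE.match(line)
        if m:
            saw_permissions = True
            if (m.group(1) or "").strip("'\"") == "write-all":
                findings.append((no, "permissions: write-all gives the token every write scope"))
        m = USES_RE.match(line)
        if m and m.group(1) in WATCHED_OWNERS:
            owner, path, ref = m.groups()
            findings.append((no, f"uses {owner}/{path}: check past runs for exposed secrets"))
            if not FULL_SHA_RE.match(ref):  # added check, not from the article
                findings.append((no, f"{owner}/{path}@{ref} is a mutable ref, not a commit SHA"))
    if not saw_permissions:
        findings.append((0, "no permissions block: token scope follows the repository default"))
    return findings

# Constructed sample workflow (not taken from any real repository).
SAMPLE = """\
name: ci
on: pull_request
permissions: write-all
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@v1
"""

if __name__ == "__main__":
    for line_no, finding in audit_workflow(SAMPLE):
        print(f"line {line_no}: {finding}")
```

The scan is line-based, so it works without a YAML parser; to cover a repository, run it over every file under `.github/workflows/`.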

This incident highlights the growing importance of securing open source tools as the crypto ecosystem develops. DefiLlama data shows that the crypto industry has recorded more than $1.5 billion in exploits this year.
