• Coinbase targeted after r

    From Mike Powell@1:2320/105 to All on Tuesday, March 25, 2025 08:38:00
    Coinbase targeted after recent GitHub attacks

    Date:
    Mon, 24 Mar 2025 14:04:00 +0000

    Description:
    Hundreds of projects suffered as hackers attacked Coinbase.

    FULL STORY

    The endgame of the recent cascading supply chain attack on GitHub was to breach Coinbase, one of the world's most popular centralized cryptocurrency exchanges, experts have claimed.

    Cybersecurity researchers at Unit 42 (Palo Alto) and Wiz revealed the attack, noting that although Coinbase successfully defended itself, it is difficult to deem the attack a failure, since hundreds of other projects suffered as collateral damage.

    Coinbase claims no damage was done; however, 218 other repositories are thought to have been impacted as a result of this attack.

    No damage to Coinbase

    A cascading supply chain attack is a cyberattack where compromising one component, such as a software dependency or tool, triggers a chain reaction that spreads the breach to multiple connected systems or projects.

    In this case, cybercriminals tampered with a small tool, a GitHub Action called reviewdog/action-setup@v1. It is a popular tool that helps automate tasks in software projects. How they breached this Action wasn't revealed, but the attackers managed to get the tool to leak certain access codes into publicly visible logs.

    They then used these codes to inject more malicious code into another widely used tool, called tj-actions/changed-files. This tool is part of Coinbase's development process, and by compromising it, they tried to move into the exchange's code repository, gain deeper access, and wreak more havoc.

    "The attacker obtained a GitHub token with write permissions to the coinbase/agentkit repository on March 14, 2025, 15:10 UTC, less than two hours before the larger attack was initiated against tj-actions/changed-files," Palo Alto Unit 42 said.

    "We followed up by sharing more details of our findings with Coinbase, which stated that the attack was unsuccessful at causing any damage to the agentkit project, or any other Coinbase asset," the researchers added.

    Once the threat actors realized their attack against Coinbase was unsuccessful, they pivoted to other projects, the researchers said. We don't know if any other attacks were more fruitful for the criminals.

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/coinbase-targeted-after-recent-github-attacks

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
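
Added example, not part of the original post or the article: a small audit that finds where a workflow file references the two Actions named in the story and reports whether each reference is pinned to a full commit SHA or uses a tag or branch that the Action's maintainer (or anyone with write access to it) can repoint. The function name, the sample workflow and the 40-hex value are constructed for illustration.

```python
import re

# Actions named in the article above.
WATCHED = {"reviewdog/action-setup", "tj-actions/changed-files"}

# Matches a step's "uses: owner/repo[/path]@ref" line, optionally quoted.
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*["']?(?P<action>[\w.-]+/[\w.-]+)(?P<path>/[^@\s"']*)?@(?P<ref>[^\s"'#]+)"""
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text, watched=WATCHED):
    """Return one finding per `uses:` line that references a watched action.

    Each finding is (line_number, action, ref, pinned). `pinned` is True only
    when the ref is a full 40-hex commit SHA; a tag or branch ref is mutable.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out step
        m = USES_RE.match(line)
        if not m:
            continue
        action = m.group("action").lower()  # owner/repo is case-insensitive
        if action in watched:
            ref = m.group("ref")
            pinned = bool(FULL_SHA_RE.match(ref.lower()))
            findings.append((lineno, action, ref, pinned))
    return findings


# Constructed sample workflow; the 40-hex value is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: reviewdog/action-setup@v1
      - name: changed files
        uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      # - uses: tj-actions/changed-files@v45
      - uses: "TJ-Actions/changed-files@main"
"""

if __name__ == "__main__":
    for lineno, action, ref, pinned in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {action}@{ref} -> {'pinned to SHA' if pinned else 'MUTABLE REF'}")
```

A SHA pin only fixes which commit runs; whether that commit is a known-good one still has to be checked against the Action's history.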