Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories.

According to new reports from Palo Alto Unit 42 and Wiz, the attack was carefully planned and began when malicious code was injected into the reviewdog/action-setup@v1 GitHub Action. It is unclear how that initial breach occurred, but when a related GitHub Action, tj-actions/eslint-changed-files, invoked the compromised reviewdog action, the secrets available to that workflow were dumped to the workflow logs.

This allowed the threat actors to steal a Personal Access Token, which was then used to push a malicious commit to the tj-actions/changed-files GitHub Action. The modified action once again dumps CI/CD secrets and authentication tokens into GitHub Actions logs. The changed-files action was used by over 20,000 other projects, including Coinbase's coinbase/agentkit, a popular framework for allowing AI agents to interact with blockchains.

According to Unit 42, Coinbase's agentkit workflow executed the changed-files action, allowing the threat actors to steal tokens that gave them Write access to the repository.

"The attacker obtained a GitHub token with write permissions to the coinbase/agentkit repository on March 14, 2025, 15:10 UTC, less than two hours before the larger attack was initiated against tj-actions/changed-files," explained Palo Alto Unit 42.

"We followed up by sharing more details of our findings with Coinbase, which stated that the attack was unsuccessful at causing any damage to the agentkit project, or any other Coinbase asset," reports Palo Alto Unit 42.

Unit 42 and Wiz's reports confirm that the campaign was initially highly focused on Coinbase and expanded to all projects utilizing tj-actions/changed-files once the initial attempt failed.
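The check a practitioner would want after an incident like this, added here as an example and not code from the original article, from Unit 42 or Wiz, or from the tj-actions project: a scanner that flags `uses:` steps in GitHub Actions workflows that reference a remote action by a mutable tag or branch rather than a full commit SHA. Pinning to a full SHA means a later push to the action's repository, like the malicious commit to tj-actions/changed-files described above, does not change what the workflow runs. The sample workflow below is constructed for illustration, and the commit SHA in it is a placeholder that must be verified against the upstream tag before it is copied anywhere.

```python
import re

# A `uses:` step line in a workflow, e.g. `- uses: owner/repo@ref` or `uses: "owner/repo@ref"`.
USES_RE = re.compile(r'''^\s*(?:-\s*)?uses:\s*["']?([^\s"'#]+)''')
# A full 40-hex commit SHA; shorter refs (tags, branches, abbreviated SHAs) are treated as mutable.
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')


def classify_ref(uses_value):
    """Classify a `uses:` value as (kind, action, ref).

    kind is 'local', 'docker', 'sha', 'mutable' or 'none'. 'mutable' covers
    tags, branches and short SHAs: anything the action's maintainer (or an
    attacker holding the maintainer's credentials) can repoint later.
    """
    if uses_value.startswith(('./', '../')):
        return 'local', uses_value, None
    if uses_value.startswith('docker://'):
        return 'docker', uses_value, None
    if '@' not in uses_value:
        return 'none', uses_value, None
    action, ref = uses_value.rsplit('@', 1)
    if FULL_SHA_RE.match(ref):
        return 'sha', action, ref
    return 'mutable', action, ref


def find_unpinned(workflow_text):
    """Return [(line_number, action, ref)] for every remote action not pinned to a full SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        kind, action, ref = classify_ref(m.group(1))
        if kind in ('mutable', 'none'):
            findings.append((lineno, action, ref))
    return findings


# Constructed sample workflow (not taken from any real repository). The checkout SHA is an
# illustrative placeholder; verify any SHA against the upstream tag before pinning to it.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # placeholder SHA
      - uses: tj-actions/changed-files@v45
        id: changed
      - uses: reviewdog/action-setup@v1
      - uses: ./.github/actions/local-lint
      - run: echo "${{ steps.changed.outputs.all_changed_files }}"
"""

if __name__ == '__main__':
    for lineno, action, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {action}@{ref} is not pinned to a full commit SHA")
```

Two caveats apply. Pinning only helps if the SHA you pin was itself reviewed, so the SHA must be checked against the upstream release rather than copied from a README. And pinning the top-level reference does not cover what that action calls in turn: in the incident above, tj-actions/eslint-changed-files pulled in the compromised reviewdog/action-setup@v1, so a composite action's own `uses:` references have to be audited the same way.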
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 21 Mar 2025 23:40:15 +0000