Full Report
Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. [...]
Analysis Summary
# Incident Report: GitHub Actions Supply Chain Attack Targeting Coinbase
## Executive Summary
A sophisticated supply chain attack leveraging malicious modifications to the popular GitHub Action `tj-actions/changed-files` successfully targeted Coinbase, leading to the compromise of secrets in downstream repositories. The initial breach involved exploiting a vulnerability within a GitHub Action that dumped workflow secrets, which the attackers then used to gain write access to Coinbase's `coinbase/agentkit` repository, though Coinbase later reported the attack was unsuccessful in causing damage. Subsequently, the compromise expanded to affect 218 other repositories utilizing the vulnerable action.
## Incident Details
- Discovery Date: Unknown, but the compromise of Coinbase's repository occurred on March 14, 2025, shortly before a wider exploitation.
- Incident Date: Initial token theft occurred around March 14, 2025, 15:10 UTC. The broader campaign followed shortly thereafter.
- Affected Organization: Coinbase (Primary Target); 218 other repositories utilizing the vulnerable action.
- Sector: Financial Technology (FinTech) / Cryptocurrency
- Geography: Global (GitHub/Cloud Infrastructure)
## Timeline of Events
### Initial Access
- **Date/Time:** March 14, 2025, starting around 15:10 UTC.
- **Vector:** Compromise of legitimate GitHub Action workflows that were configured to dump CI/CD secrets to execution logs (likely via the `reviewdog` action interacting with `tj-actions/changed-files`).
- **Details:** Threat actors obtained a GitHub Personal Access Token (PAT) with write permissions to a target repository via this mechanism.
### Lateral Movement
- **Date/Time:** Immediately following initial access (shortly before 17:00 UTC on March 14, 2025).
- **Vector:** Using the stolen Coinbase PAT, actors gained Write access to the `coinbase/agentkit` repository.
- **Details:** Attackers pushed a malicious commit to the `tj-actions/changed-files` action itself, which was designed to dump CI/CD secrets in any workflow where it was used. This expanded access to potentially thousands of dependent projects.
### Data Exfiltration/Impact
- **Impact:** Secrets and tokens were exfiltrated from workflows running the compromised action.
- **Scope:** The initial, targeted attempt against Coinbase was reportedly unsuccessful in causing damage to `agentkit` or other assets. Ultimately, 218 other repositories utilizing the action were ultimately impacted by the breach of the action itself.
### Detection & Response
- **Detection:** The activity was identified through analysis conducted by Palo Alto Unit 42 and Wiz.
- **Response Actions:** Response details are not explicitly listed as Coinbase considered the attack unsuccessful. However, external research confirmed the scope of impacted repositories.
## Attack Methodology
- **Initial Access:** Exploitation of misconfigured GitHub Actions workflow logging mechanisms to steal secrets (PATs).
- **Persistence:** Not explicitly detailed, but persistence was gained via Write access to the maintainer account/repository of the `tj-actions/changed-files` Action.
- **Privilege Escalation:** Likely achieved implicitly through the initial unauthorized access to secrets, which granted write permissions to the target repository (`coinbase/agentkit`).
- **Defense Evasion:** Utilizing legitimate CI/CD infrastructure and actions (`reviewdog`, `changed-files`) to conduct the activity.
- **Credential Access:** Stealing GitHub Personal Access Tokens (PATs) from workflow logs.
- **Discovery:** Using the stolen credentials to identify and target specific developer repositories (Coinbase).
- **Lateral Movement:** Pushing a malicious update to the `tj-actions/changed-files` dependency, affecting all consumers.
- **Collection:** Dumping CI/CD secrets from subsequent compromised workflows.
- **Exfiltration:** Stealing the collected secrets/tokens.
- **Impact:** Potential unauthorized modification of source code or deployment pipelines, though the targeted attempt against Coinbase was mitigated or unsuccessful.
## Impact Assessment
- **Financial:** Not quantified, but extensive forensic and remediation costs are implied across all 218 impacted organizations.
- **Data Breach:** Sensitive CI/CD secrets and potentially deployment credentials were stolen from affected repositories.
- **Operational:** While Coinbase stated no damage occurred to their assets, the large scale (218 repos) inherently caused operational disruption for remediation efforts across the ecosystem.
- **Reputational:** Significant reputational risk for libraries relying on popular GitHub Actions without strict secret management auditing.
## Indicators of Compromise
*Note: Specific Indicators are not provided in the text, but the attack relies on specific artifacts from the compromised Action.*
- **Network indicators:** Dumps of logs containing credentials flowing outside the secure GitHub environment.
- **File indicators:** The malicious commit pushed to the `tj-actions/changed-files` repository.
- **Behavioral indicators:** Execution of workflows using the modified `tj-actions/changed-files` action and subsequent dumping of secrets to logs.
## Response Actions
- **Containment measures:** (Inferred) Immediate rotation of all exposed secrets/tokens across impacted organizations.
- **Eradication steps:** (Inferred) Removal of the malicious code from the `tj-actions/changed-files` repository and reverting to a known good version.
- **Recovery actions:** (Inferred) Auditing repository histories of the 218 impacted projects for malicious commits or unauthorized changes.
## Lessons Learned
- **Key Takeaways:** Third-party supply chain dependencies, even within standard CI/CD tools like GitHub Actions, represent a critical vector for large-scale breaches. Secret handling within workflow logs is a major vulnerability point.
- **What could have been done better:** Improved isolation or boundary controls around CI/CD runners that handle sensitive tokens; stricter vetting of major third-party actions for widespread use.
## Recommendations
- Implement mandatory step-by-step review and vetting for all external/third-party GitHub Actions used in production CI/CD pipelines.
- Never rely solely on GitHub Actions Secrets for sensitive operations; utilize federated identity or OIDC providers to obtain short-lived credentials per job execution instead of long-lived PATs unless absolutely necessary.
- Regularly audit workflow execution logs across all repositories for unexpected data leakage (e.g., secrets unintentionally echoed to stdout/stderr).