Coinbase Thwarts Supply Chain Attack on AI Tool Agentkit

Coinbase, a prominent cryptocurrency exchange, recently averted a major cyberattack targeting its AI-powered tool, agentkit. The incident involved a supply chain attack where malicious code was attempted to be inserted through GitHub's CI/CD system. The attack, which began on March 14, 2025, targeted the GitHub Action "tj-actions/changed-files" and was aimed at exploiting the public CI/CD flow of Coinbase's open-source project. The payload was designed to leak sensitive secrets from repositories that ran the compromised workflow, but Coinbase's security measures successfully prevented the attacker from accessing any secrets or publishing malicious packages.

The issue was first made public on March 23, when a security expert shared a post on X. He referred to a detailed report from a security research team. The hacker targeted Coinbase’s open-source tool agentkit, which helps create blockchain-based AI agents. They also attacked another related toolkit, onchainkit, both hosted on GitHub. By forking these repositories, the attacker inserted dangerous code into the automation process. This malicious activity was detected on March 14, 2025.

The goal of the attack was to take advantage of the public CI/CD flow in agentkit. The hacker used GitHub’s broad “write-all” permissions, which allowed them to plant harmful payloads into the automated workflows. This could have exposed sensitive data or opened the door to further compromises. Fortunately, the injected code did not include highly dangerous features like remote control tools or reverse shell exploits. Instead, it was built to gather internal data quietly. Still, the risk was serious.

Coinbase moved quickly. Working closely with cybersecurity experts, the company isolated the threat and applied key protections. Their quick action stopped the attack before it could reach deeper systems or cause lasting harm. This incident comes at a time when coinbase holds a critical role in the crypto world, especially as the largest crypto exchange in the U.S. and a main custodian for spot Bitcoin ETFs. A successful breach could have created serious problems in the wider industry.

Although this attack failed, the same threat actor is now believed to be part of a larger cyber campaign that is gaining global attention. In response, a security expert urged developers to carefully review their GitHub setups. He specifically warned those using tools like reviewdog or tj-actions to double-check their systems and make sure no sensitive information has leaked. “If your company uses reviewdog or tj-actions, do a thorough self-examination,” he advised on X.

The case shows how securing open-source tools is becoming more urgent as the crypto space grows. This event underscores the importance of vigilant cybersecurity practices in the cryptocurrency industry. As digital assets and blockchain technologies become more integrated into financial systems, the risk of sophisticated cyberattacks increases. Companies like Coinbase must continually update their security measures to protect against evolving threats. The successful defense against this attack demonstrates Coinbase's commitment to safeguarding user data and maintaining the integrity of its platforms.

The incident also serves as a reminder for other organizations to review their supply chain security practices. Ensuring that third-party tools and services are secure is essential for protecting against supply chain attacks. Regular audits, updates, and monitoring of CI/CD pipelines can help prevent similar incidents in the future. By staying proactive and responsive, companies can better defend against the ever-changing landscape of cyber threats.

Ask Aime: What was the nature of the recent cyberattack on Coinbase's AI-powered tool, agentkit, and how did the company respond to mitigate the risk?