Dive Brief
Researchers from Palo Alto Networks said the hackers likely planned to leverage one of Coinbase's open source projects for additional attacks.
As previously reported, the attackers had already launched attacks against tj-actions/changed-files as well as reviewdog/action-setup@v1. The respective compromises are tracked as CVE-2025-30066 and CVE-2025-30154.
The attack against tj-actions/changed-files, discovered on March 14, involved the injection of malicious code through the compromise of a personal access token. As a result, a malicious Python script began leaking secrets.
Endor Labs previously said about 218 repositories leaked secrets related to the tj-actions/changed-files attack.
The attack on reviewdog/action-setup@v1 was much smaller, according to researchers at Wiz.
However, researchers from Unit 42 found that a user named iLrmKCu86tjwp8 had forked the reviewdog/action-setup repository and then vanished from sight.
“After Coinbase detected and mitigated the issue on their end, the attacker decided to perform the widespread attack by affecting all tag versions of tj-actions/changed-files,” Omer Gil, senior research manager at Palo Alto Networks, said via email.
That user had apparently pushed 13 commits that contained various payloads, according to the Unit 42 researchers. The user also forked the reviewdog/action-typos repository and pushed an additional 15 commits. Forking involves copying the original source code and then making additional changes to the copy.
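Because the attacker was able to move every tag of the affected action, workflows that referenced it by tag such as @v1 silently picked up the malicious commit. The check below is added here as an example and is not code from the article, Unit 42 or the projects involved: it scans a GitHub Actions workflow for `uses:` references that are not pinned to a full 40-hex commit SHA. The workflow text and the commit hash in it are constructed for the example.

```python
import re
from typing import List, Tuple

# Constructed sample workflow (not from the article). The tag-pinned steps
# mirror how the affected workflows referenced third-party actions; the
# setup-python step is pinned to a (constructed) full commit SHA.
SAMPLE_WORKFLOW = """
name: ci
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@v1
      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
      - uses: ./.github/actions/local-step
      - run: echo ok
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_actions(workflow_text: str) -> List[Tuple[str, str]]:
    """Return (reference, reason) for every `uses:` entry that is not pinned
    to an immutable commit SHA. A tag or branch can be moved by whoever
    controls the action's repository, so it says nothing about what runs."""
    findings = []
    for ref in USES_RE.findall(workflow_text):
        if ref.startswith("./"):
            continue  # local composite action: lives in this repo's own tree
        if ref.startswith("docker://"):
            if "@sha256:" not in ref:
                findings.append((ref, "container image not pinned by digest"))
            continue
        if "@" not in ref:
            findings.append((ref, "no ref at all (resolves to the default branch)"))
            continue
        _, version = ref.rsplit("@", 1)
        if not FULL_SHA_RE.match(version):
            findings.append((ref, f"mutable ref '{version}' instead of a 40-hex commit SHA"))
    return findings


if __name__ == "__main__":
    for ref, reason in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"{ref}: {reason}")
```

Pinning to a SHA stops a moved tag from changing what runs, but it does not make the pinned commit trustworthy by itself; that still requires reviewing it.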
The attacker eventually obtained a GitHub token with write permissions to the coinbase/agentkit repository on March 14, just hours before the tj-actions/changed-files attack, according to Unit 42 researchers.
Unit 42 researchers contacted the Coinbase maintainer, who confirmed they had removed the workflow, and also shared their findings with Coinbase.
A spokesperson for Coinbase was not immediately available for comment.