A recent supply chain attack involving the popular GitHub Action, tj-actions/changed-files, targeted Coinbase, according to separate reports from Palo Alto Unit 42 and Wiz. The breach, which affected hundreds of repositories, was carried out through a compromised GitHub Action that leaked secrets and authentication tokens.
The attack began with the injection of malicious code into the widely used reviewdog/action-setup@v1 GitHub Action. While the exact method of the initial breach remains unclear, the compromised action was altered to leak CI/CD secrets and authentication tokens into GitHub Actions logs.
The first stage of the attack occurred when the tj-actions/eslint-changed-files GitHub Action called the compromised reviewdog/action-setup@v1. This exposed secret credentials in the workflow logs, giving the threat actors the opportunity to steal a Personal Access Token (PAT). Using this token, the attackers pushed a malicious commit to the tj-actions/changed-files repository, which in turn compromised CI/CD secrets for other projects.
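A defender-side check that follows from the mechanism above: the affected workflows referenced the compromised actions by mutable tags such as @v1 rather than by a full commit SHA, so an audit of workflow files can flag every third-party action that is not SHA-pinned. This is an added example, not code from the article or from the projects it names; the workflow text and the SHA in it are constructed.

```python
import re

# Constructed sample workflow (not from the article): one SHA-pinned action,
# two actions referenced only by mutable tags, one local action, one run step.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@v1
      - uses: ./.github/actions/local-step
      - run: echo "build"
"""

# Matches a step's `uses:` key whether or not it starts the list item.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*(?P<ref>\S+)")
# A full 40-hex commit SHA is the only reference an upstream tag move cannot redirect.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_unpinned_actions(workflow_text):
    """Return (line_no, action, ref) for every third-party action whose
    reference is not a full commit SHA. Local actions (./...) and docker://
    images are skipped; a missing @ref is reported as an empty string."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group("ref")
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        action, _, version = ref.partition("@")
        if not SHA_RE.match(version):
            findings.append((line_no, action, version))
    return findings


if __name__ == "__main__":
    for line_no, action, version in audit_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {action} pinned to mutable ref '{version or '<none>'}'")
```

Pinning to a SHA only removes the tag-redirect vector; the pinned commit still has to be reviewed, and Dependabot or an equivalent must update the pins.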
The attackers initially focused on Coinbase and a user account named mmvojwip (later determined to belong to the attackers themselves). The changed-files action was used by over 20,000 repositories, including Coinbase's coinbase/agentkit, a framework designed to allow AI agents to interact with blockchain technology.
Coinbase's agentkit workflow executed the malicious action, providing attackers with access to sensitive tokens and granting them write permissions on the repository. According to Palo Alto Unit 42, the breach occurred on March 14, 2025, just hours before the broader attack on the tj-actions/changed-files GitHub Action. However, Coinbase later confirmed that the attack was ultimately unsuccessful.
The campaign then spread to affect all projects utilizing the compromised changed-files action. Although over 23,000 repositories used the vulnerable action, only 218 repositories were ultimately impacted by the attack.