SlowMist Team: Coinbase Fell Victim to GitHub Actions CI/CD Supply Chain Attack, Recommends Enterprises to Self-audit Relevant Risks

Blockbeats

23 Mar

BlockBeats News, March 23rd, SawWit, founder of SlowMist, stated on social media that "Using GitHub Actions CI/CD mechanism for a supply chain attack on Coinbase, fortunately it was not successful. Otherwise, the next security incident to be exposed would be targeting Coinbase."

The supply chain attack path on GitHub: reviewdog/action-setup -> tj-actions/changed-files -> coinbase/agentkit -> stealing GitHub Personal Access Token (PAT), cloud service related keys, etc. If a company uses reviewdog or tj-actions, they should conduct a self-inspection."

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

1
2
3
4
5
6
7
8
9
10

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2521761792"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2521761792\",edition:\"fundamental\",,,undefined,":{"share":"https://ttm.financial/m/news/2521761792?lang=en_US&edition=fundamental","thumbnail":"","is_english":true,"pubTime":"2025-03-23 16:04","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2521761792","market":"us","top_or_hot":-1,"title":"SlowMist Team: Coinbase Fell Victim to GitHub Actions CI/CD Supply Chain Attack, Recommends Enterprises to Self-audit Relevant Risks","media":"Blockbeats","content":"<html><body><div><p>BlockBeats News, March 23rd, SawWit, founder of SlowMist, stated on social media that \"Using GitHub Actions CI/CD mechanism for a supply chain attack on Coinbase, fortunately it was not successful. Otherwise, the next security incident to be exposed would be targeting Coinbase.\"</p><p>The supply chain attack path on GitHub: reviewdog/action-setup -&gt; tj-actions/changed-files -&gt; coinbase/agentkit -&gt; stealing GitHub Personal Access Token (PAT), cloud service related keys, etc. If a company uses reviewdog or tj-actions, they should conduct a self-inspection.\"</p></div></body></html>","source":"theblockbeats_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>SlowMist Team: Coinbase Fell Victim to GitHub Actions CI/CD Supply Chain Attack, Recommends Enterprises to Self-audit Relevant Risks</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nSlowMist Team: Coinbase Fell Victim to GitHub Actions CI/CD Supply Chain Attack, Recommends Enterprises to Self-audit Relevant Risks\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-03-23 16:04 GMT+8&nbsp;&nbsp;&nbsp;<a href=https://www.theblockbeats.info//en/flash/286662><strong>Blockbeats</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>BlockBeats News, March 23rd, SawWit, founder of SlowMist, stated on social media that \"Using GitHub Actions CI/CD mechanism for a supply chain attack on Coinbase, fortunately it was not successful. ...</p>\n\n<a href=\"https://www.theblockbeats.info//en/flash/286662\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":null,"symbol_name":null,"start_time":0,"source_url":"https://www.theblockbeats.info//en/flash/286662","article_id":"2521761792","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2521761792","pubTimestamp":1742717040,"columns":[],"sourceInfo":{"source_id":"theblockbeats_live","name":"Blockbeats快讯"},"weMediaInfo":null,"summary":"BlockBeats News, March 23rd, SawWit, founder of SlowMist, stated on social media that \"Using GitHub Actions CI/CD mechanism for a supply chain attack on Coinbase, fortunately it was not successful. Otherwise, the next security incident to be exposed would be targeting Coinbase.\"The supply chain attack path on GitHub: reviewdog/action-setup -> tj-actions/changed-files -> coinbase/agentkit -> stealing GitHub Personal Access Token , cloud service related keys, etc. If a company uses reviewdog or tj-actions, they should conduct a self-inspection.\"","collect":0,"end_time":0,"defaultTopTitle":"theblockbeats.info","property":[],"viewcount":null,"language":"en","relate_stocks":{},"translate_title":"SlowMist团队：Coinbase成为GitHub Actions CI/CD供应链攻击的受害者，建议企业自审相关风险","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"CD":1,"CI":1,"COIN":1,"PAT.AU":1,"T43.SI":1},"content_text":"BlockBeats News, March 23rd, SawWit, founder of SlowMist, stated on social media that \"Using GitHub Actions CI/CD mechanism for a supply chain attack on Coinbase, fortunately it was not successful. Otherwise, the next security incident to be exposed would be targeting Coinbase.\"The supply chain attack path on GitHub: reviewdog/action-setup -> tj-actions/changed-files -> coinbase/agentkit -> stealing GitHub Personal Access Token (PAT), cloud service related keys, etc. If a company uses reviewdog or tj-actions, they should conduct a self-inspection.\"","kind":"highlight","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"-1","news_tag":"policyRegulatory","news_rank":0,"symbols":[],"gpt_button":0}}}