Coinbase, the largest crypto exchange in the US, has successfully averted a supply chain attack that could have had significant consequences.
On March 23, Yu Jian, founder of blockchain security firm SlowMist, flagged the incident in a post on X, referencing a report from Unit 42, the threat intelligence division of Palo Alto Networks.
How Coinbase Stopped a Major Cyber Attack
According to Unit 42, the attacker targeted ‘agentkit’, an open-source toolkit managed by Coinbase that supports blockchain-based AI agents.
The threat actor forked the agentkit and onchainkit repositories on GitHub, inserting malicious code intended to exploit the continuous integration pipeline. The suspicious activity was first detected on March 14, 2025.
“The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for further compromises,” Unit 42 reported.
Exploiting a GitHub Actions workflow whose token had been granted “write-all” permissions, the attacker injected harmful code into the project’s automated workflow. This method could have enabled access to sensitive data and opened a path for broader compromise.
The payload, however, was limited to collecting sensitive information; according to Unit 42, it did not contain more advanced malicious capabilities such as remote code execution or reverse-shell tooling.
Coinbase responded quickly, collaborating with security experts to isolate the threat and apply necessary mitigations. This rapid action helped the company avoid deeper infiltration and prevented potential damage to its infrastructure.
The stakes were high considering Coinbase’s standing as the largest crypto exchange in the US and a key custodian for spot Bitcoin ETFs.
A breach of this nature could have caused major disruption across the crypto industry, especially after Bybit’s recent $1.4 billion security incident.
Despite the failed attempt, the attacker has since shifted focus to a larger campaign now drawing global attention.
In light of this, SlowMist's founder advised developers who use GitHub Actions, especially those relying on tj-actions or reviewdog, to audit their systems and confirm that no secrets have been exposed.
“If your company uses reviewdog or tj-actions, do a thorough self-examination,” Yu Jian stated on X.
This incident highlights the growing importance of securing open-source tooling as the crypto ecosystem expands. Data from DefiLlama shows that the crypto industry has recorded more than $1.5 billion in losses to exploits this year.
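The two technical points in this story are a workflow token granted “write-all” permissions and the advice to audit GitHub Actions usage of tj-actions and reviewdog. The following audit script is an added example written for this page; it is not code from the article, Coinbase, Unit 42 or SlowMist. It scans workflow YAML line by line (a deliberately simple first-pass check, not a full YAML parser) and flags a `write-all` token, a `pull_request_target` trigger that checks out pull-request code, a missing `permissions:` key, and any third-party action referenced by a mutable tag instead of a full 40-hex commit SHA. The two sample workflows and their SHAs are constructed for illustration.

```python
"""Audit GitHub Actions workflow text for the risk patterns discussed in the article.

Added example by the editor, not code from the article, Coinbase, Unit 42 or SlowMist.
Assumptions: line-based scanning of plain YAML is enough for a first-pass audit (this is
not a full YAML parser); a "pinned" action reference is one whose @ref is a 40-hex-digit
commit SHA; the sample workflows and their SHAs below are constructed.
"""
import re
from dataclasses import dataclass

SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
PERMS_RE = re.compile(r"^\s*permissions:")
WRITE_ALL_RE = re.compile(r"^\s*permissions:\s*write-all\b")
PR_TARGET_RE = re.compile(r"\bpull_request_target\b")
UNTRUSTED_REF_RE = re.compile(r"github\.event\.pull_request\.head")

# Action owners singled out in the SlowMist advice; unpinned uses of them rank high.
WATCHED_OWNERS = ("tj-actions", "reviewdog")


@dataclass
class Finding:
    line: int       # 1-based line in the workflow text, 0 for file-level findings
    rule: str
    severity: str
    detail: str


def audit_workflow(text: str) -> list[Finding]:
    """Return one Finding per risky construct found in a workflow file's text."""
    findings: list[Finding] = []
    saw_permissions = False
    saw_pr_target = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # ignore YAML comments
        if PERMS_RE.match(line):
            saw_permissions = True
        if WRITE_ALL_RE.match(line):
            findings.append(Finding(lineno, "write-all", "high",
                                    "GITHUB_TOKEN granted write-all; scope it per job"))
        if PR_TARGET_RE.search(line):
            saw_pr_target = True
            findings.append(Finding(lineno, "pull_request_target", "medium",
                                    "runs with base-repo secrets on pull-request events"))
        if saw_pr_target and UNTRUSTED_REF_RE.search(line):
            findings.append(Finding(lineno, "untrusted-checkout", "high",
                                    "fork code checked out in a privileged job"))
        m = USES_RE.match(line)
        if m and not m.group(1).startswith(("./", "docker://")):
            action, _, version = m.group(1).partition("@")
            if not SHA40.match(version):
                owner = action.split("/", 1)[0]
                sev = "high" if owner in WATCHED_OWNERS else "medium"
                findings.append(Finding(lineno, "unpinned-action", sev,
                                        f"{action} pinned to '{version or '<none>'}', not a commit SHA"))
    if not saw_permissions:
        findings.append(Finding(0, "no-permissions-block", "medium",
                                "no permissions: key; token falls back to repository default"))
    return findings


# Constructed sample of a risky workflow: write-all token, privileged trigger that checks
# out the pull request's head, and actions referenced only by mutable tags.
WEAK_WORKFLOW = """\
name: ci
on:
  pull_request_target:
permissions: write-all
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-eslint@v1
"""

# Constructed hardened form: least-privilege token, unprivileged trigger, full-SHA pins.
# The SHAs are placeholders, not real commits of those actions.
HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000  # placeholder SHA
      - uses: tj-actions/changed-files@1111111111111111111111111111111111111111  # placeholder SHA
"""

if __name__ == "__main__":
    for name, wf in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        for f in audit_workflow(wf):
            print(f"{name}:{f.line} [{f.severity}] {f.rule}: {f.detail}")
```

Run against real repositories by reading each file under `.github/workflows/` and passing its text to `audit_workflow`. Pinning to a commit SHA matters because a tag can be moved to point at different code after review, which is exactly the kind of change a CI audit should surface; scoping the token replaces a blanket `write-all` with only the permissions each job needs.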