Coinbase Evades Supply Chain Attack That Could Have Compromised Its Open-Source Infrastructure

2025/03/23 23:32

Coinbase, the largest crypto exchange in the US, has successfully evaded a supply chain attack that could have had significant consequences.

On March 23, Yu Jian, founder of blockchain security firm SlowMist, flagged the incident in a post on X, referencing a report from Unit 42, the threat intelligence division of Palo Alto Networks.

How Coinbase Stopped a Major Cyber Attack

According to Unit 42, the attacker targeted ‘agentkit’, an open-source toolkit managed by Coinbase that supports blockchain-based AI agents.

The threat actor forked agentkit and onchainkit repositories on GitHub, inserting malicious code intended to exploit the continuous integration pipeline. The suspicious activity was first detected on March 14, 2025.

“The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for further compromises,” Unit 42 reported.

Exploiting GitHub’s “write-all” permissions, the attacker injected harmful code into the project’s automated workflow. This method could have enabled access to sensitive data and created a path for broader compromises.

The payload, however, only harvested sensitive information; according to Unit 42 it did not contain more advanced malicious tooling such as remote code execution or reverse shell exploits.

Coinbase responded quickly, collaborating with security experts to isolate the threat and apply necessary mitigations. This rapid action helped the company avoid deeper infiltration and prevented potential damage to its infrastructure.

The stakes were high considering Coinbase’s standing as the largest crypto exchange in the US and a key custodian for spot Bitcoin ETFs.

A breach of this nature could have caused major disruption across the crypto industry, especially after Bybit’s recent $1.4 billion security incident.

Despite the failed attempt, the attacker has since shifted focus to a larger campaign now drawing global attention.

In light of this, SlowMist's founder advised developers using GitHub Actions, especially those working with tj-actions or reviewdog, to audit their systems and confirm that no secrets have been exposed.

“If your company uses reviewdog or tj-actions, do a thorough self-examination,” Yu Jian stated on X.
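
To act on that advice, here is an added example (not from the article, SlowMist, Coinbase or Unit 42) of a small audit script that scans a GitHub Actions workflow for the two settings the article touches on: a `write-all` token permission, and third-party actions, including the `tj-actions` and `reviewdog` namespaces named above, referenced by a mutable tag instead of a full commit SHA. The sample workflow and the SHA in it are constructed, and the checks are my own heuristics, not Unit 42's detection logic.

```python
import re

# Constructed sample workflow (not from the article), deliberately permissive.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
permissions: write-all
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@v1
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # constructed SHA
"""

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
# Namespaces the article's advice names; listed for manual review (assumption).
WATCHED_OWNERS = ("tj-actions", "reviewdog")
USES_LINE = re.compile(r"^-?\s*uses:\s*([^@\s]+)@(\S+)$")


def audit_workflow(text):
    """Return (line_no, finding) tuples for risky settings in one workflow file.

    Heuristics (my own, not Unit 42's):
      - 'permissions: write-all' gives the job's GITHUB_TOKEN write scope everywhere.
      - a 'uses:' reference not pinned to a 40-hex commit SHA can be retargeted
        by whoever controls that tag or branch.
      - actions from watched namespaces are listed even when pinned.
    """
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing YAML comments
        if re.match(r"^permissions:\s*write-all$", line):
            findings.append((n, "job token granted write-all permissions"))
            continue
        m = USES_LINE.match(line)
        if not m:
            continue
        action, ref = m.groups()
        if not FULL_SHA.match(ref):
            findings.append((n, f"{action} pinned to mutable ref '{ref}'"))
        if action.split("/")[0] in WATCHED_OWNERS:
            findings.append((n, f"{action} comes from a watched namespace; review it"))
    return findings


if __name__ == "__main__":
    for line_no, finding in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {finding}")
```

Run it over each file under `.github/workflows/` and treat every hit as a prompt to tighten permissions or pin the action, then rotate any secret the affected jobs could read.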

This incident highlights the growing importance of securing open-source tooling as the crypto ecosystem expands. Data from DefiLlama shows that the crypto industry has recorded more than $1.5 billion in exploit losses this year.