Coinbase Stops Major Hack Attempt on AI Crypto Tool

Coinbase has successfully blocked a supply chain cyberattack aimed at its open-source AI toolkit, agentkit. The attacker tried to exploit GitHub permissions to add harmful code into the project’s automated build system (CI/CD pipeline). Thanks to a fast response from Coinbase and help from security professionals, no major damage occurred.

The issue was first made public on March 23, when Yu Jian, the founder of the security firm SlowMist, shared a post on X. He referred to a detailed report from Unit 42, the security research team at Palo Alto Networks.

The hacker targeted Coinbase’s open-source tool agentkit, which helps create blockchain-based AI agents. They also attacked another related toolkit, onchainkit, both hosted on GitHub. By forking these repositories, the attacker inserted dangerous code into the automation process. This malicious activity was detected on March 14, 2025.

Unit 42 explained that the goal was to take advantage of the public CI/CD flow in agentkit. The hacker used GitHub’s broad “write-all” permissions, which allowed them to plant harmful payloads into the automated workflows. This could have exposed sensitive data or opened the door to further compromises.

Fortunately, the injected code did not include highly dangerous features like remote control tools or reverse shell exploits. Instead, it was built to gather internal data quietly. Still, the risk was serious.

Coinbase moved quickly. Working closely with cybersecurity experts, the company isolated the threat and applied key protections. Their quick action stopped the attack before it could reach deeper systems or cause lasting harm.

This incident comes at a time when Coinbase holds a critical role in the crypto world, especially as the largest crypto exchange in the U.S. and a main custodian for spot Bitcoin ETFs. A successful breach could have created serious problems in the wider industry, similar to Bybit’s recent $1.4 billion hack.

Although this attack failed, the same threat actor is now believed to be part of a larger cyber campaign that is gaining global attention.

In response, Yu Jian urged developers to carefully review their GitHub setups. He specifically warned those using tools like reviewdog or tj-actions to double-check their systems and make sure no sensitive information has leaked.

“If your company uses reviewdog or tj-actions, do a thorough self-examination,” he advised on X.

The case shows how securing open-source tools is becoming more urgent as the crypto space grows. According to data from DeFiLlama, over $1.5 billion in crypto has already been lost to hacks and exploits this year alone.