Coinbase has successfully prevented a cyberattack on its open-source AI library, agentkit, hosted on GitHub.
Incident Details
Yu Jian, founder of the security firm SlowMist, reported the incident involving an attack on the agentkit library. The hacker attempted to exploit GitHub permissions to insert malicious code into the project's automated build system. The attack was tracked on March 14, 2025. The hacker also targeted another tool, onchainkit, trying to introduce dangerous code into the automation process by using GitHub’s 'write-all' capabilities.
Coinbase's Response
Coinbase reacted swiftly to the threat, working closely with cybersecurity experts to isolate the threat and implement key protective measures. Their prompt actions prevented the attack from causing severe damage. The incident highlighted the necessity for quick responses to potential threats, especially given Coinbase's status as the leading crypto exchange in the U.S.
Learning for Developers
Yu Jian urged developers to thoroughly review their GitHub setups, particularly those using tools like reviewdog or tj-actions, to ensure no sensitive information has been leaked. This case underscores the importance of securing open-source tools as the crypto space continues to grow, having already lost over $1.5 billion this year to hacks and exploits.
The incident with Coinbase highlighted the critical need for a rigorous approach to security in the cryptocurrency industry.
