Coinbase has successfully thwarted a cyberattack targeting its open-source AI toolkit, agentkit. The attacker aimed to exploit GitHub permissions to insert harmful code into the project’s automated build system. Thanks to Coinbase’s quick response and support from security experts, no significant damage occurred.
The incident was first reported on March 23 by Yu Jian, founder of the security firm SlowMist. He referenced a detailed report from Unit 42, the security research team at Palo Alto Networks.
The hacker targeted both agentkit and another related toolkit, onchainkit, which are hosted on GitHub. By forking these repositories, the attacker attempted to introduce dangerous code into the automation process. This malicious activity was detected on March 14, 2025.
Unit 42 explained that the hacker aimed to exploit the public CI/CD flow in the agentkit. They used GitHub’s broad “write-all” permissions to insert harmful payloads into the automated workflows.
This could have led to the exposure of sensitive data or further compromises. Fortunately, the injected code did not contain highly dangerous features like remote control tools. Instead, it was designed to gather internal data, posing a serious risk nonetheless quietly.
Coinbase acted swiftly. The company worked closely with cybersecurity experts to isolate the threat and implement key protections. Their rapid actions prevented the attack from causing more serious damage or lasting harm.
This incident is significant as Coinbase is a major player in the crypto world, being the largest crypto exchange in the U.S. A successful breach could have had serious implications for the entire industry, similar to a recent $1.4 billion hack of Bybit.
Yu Jian has urged developers to carefully review their GitHub setups, especially those using tools like reviewdog or tj-actions. He advised them to ensure no sensitive information has leaked. This case highlights the urgent need for securing open-source tools as the crypto space continues to expand. So far this year, over $1.5 billion in crypto has been lost to hacks and exploits.
