The Securities and Exchange Commission asked Coinbase to halt trading on all cryptocurrencies except for bitcoin before it sued the company in June, Coinbase’s chief executive told the Financial Times. “One hypothesis is that after realizing they could not leverage their token to poison the Coinbase repository – and upon learning that Coinbase had detected and mitigated the attack – the attacker feared losing access to the tj-actions/changed-files action,” Gil said. A deeper search for GitHub forks of tj-actions/changed-files led to the discovery of two other accounts, “2ft2dKo28UazTZ” and “mmvojwip,” both of which have since been deleted from the platform. Both accounts were also found to have created forks of Coinbase-related repositories such as onchainkit, agentkit, and x402. The supply chain attack involving the GitHub Action “tj-actions/changed-files” started as a highly targeted attack against one of Coinbase’s open-source projects before evolving into something more widespread in scope. Unit 42 and Wiz’s reports confirm that the campaign was initially highly focused on Coinbase and expanded to all projects utilizing tj-actions/changed-files once the initial attempt failed.
Armstrong claimed Coinbase was not in violation of any law, and that the SEC overreached in its effort to rein in the company. Asked for comment, a Coinbase spokeswoman pointed to a post on X by Paul Grewal, the company’s chief legal officer, that said they “appreciate the court’s careful consideration.” Messages seeking comment were left for the SEC. Shares rose 3% at the opening bell Friday, though the decision, not confirmed by the SEC, would not be unexpected. The Trump administration has projected a much more lenient stance on cryptocurrency markets.
- “In the course of an investigation, the staff may share its own view as to what conduct may raise questions for the Commission under the securities laws,” the spokesperson said.
- Crypto companies have long resisted having their products classified as traditional securities or commodities, arguing that they are a new kind of digital asset that requires bespoke rules and regulations.
“The initial scale of the supply chain attack sounded scary, considering that tens of thousands of repositories depend on the GitHub Action,” security researcher Henrik Plate said. “The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for further compromises,” Palo Alto Networks Unit 42 said in a report. “We followed up by sharing more details of our findings with Coinbase, which stated that the attack was unsuccessful at causing any damage to the agentkit project, or any other Coinbase asset,” reports Palo Alto Unit 42.
Coinbase on Friday said the SEC has agreed to drop the lawsuit against the company with prejudice, meaning it cannot be filed again. “SEC staff has agreed in principle to dismiss its unlawful enforcement case against Coinbase, subject to Commissioner approval – righting a major wrong,” Paul Grewal, Coinbase’s chief legal officer, said in a blog on the exchange’s website. It’s a claim Armstrong had made before, and former President Joe Biden’s SEC at the time pushed back, saying it was not forcing Coinbase to delist assets.
It’s also not clear what prompted the attacker to switch gears, turning what was initially a targeted attack into a large-scale and less stealthy campaign. “However, when targeting Coinbase, the attacker specifically fetched the GITHUB_TOKEN and ensured that the payload would only execute if the repository belonged to Coinbase.” Coinbase’s apparent legal victory aside, Armstrong said that he still believes that the U.S. needs “to get legislation for crypto passed” to codify favorable regulations, or risk falling behind other nations. Armstrong said he fought because he believed that he was saving the crypto industry in America.
The company expects to generate about $410 million to $480 million in subscription and service revenue in the first quarter of 2024, after already earning about $320 million through Feb. 13. “Custody is obviously a relatively small part of the business today but the great news about ETFs is that it’s invigorating the entire sector … so you’re seeing a lot of activity and engagement on the platform,” he said. Fourth-quarter volume amounted to $154 billion, ahead of the estimate of $142.7 billion. It earned $1.04 per share, beating the average analyst estimate of $0.02 per share, according to FactSet data.
According to Unit 42, Coinbase’s agentkit workflow executed the changed-files action, allowing the threat actors to steal tokens that gave them Write access to the repository. As previously reported, the first stage of the breach involved the compromise of the reviewdog/action-setup@v1 GitHub Action. It is unclear how that compromise occurred, but when a related GitHub Action, tj-actions/eslint-changed-files, invoked the reviewdog action, its secrets were dumped to workflow logs. While this action occurred under the SEC’s acting chief, Trump has nominated pro-crypto Paul Atkins to lead the agency. Former SEC chief Gary Gensler, who had been at odds with the crypto industry over its enforcement actions, stepped down last month. Atkins is expected to regulate crypto with a significantly lighter touch than Gensler, who led the commission under the Biden administration.
Coinbase says the Securities and Exchange Commission has dismissed its case against the cryptocurrency platform, pending commission approval.
A cascading supply chain attack is a cyberattack where compromising one component, such as a software dependency or tool, triggers a chain reaction that spreads the breach to multiple connected systems or projects. “The ETFs are really a win-win for Coinbase, I think we’re already starting to see that play out on the platform,” Gupta said. The crypto exchange provides custodial services to 8 out of the ten spot bitcoin ETFs, making it a key player in the business. This allowed the threat actors to steal a Personal Access Token that was then used to push a malicious commit to the tj-actions/changed-files GitHub Action that once again dumps CI/CD secrets to workflow logs.
Coinbase SEC Lawsuit Comes to an End
However, Coinbase later told Unit 42 that the attack was unsuccessful and did not impact any of their assets. The changed-files action was used by over 20,000 other projects, including coinbase/agentkit, a popular framework for allowing AI agents to interact with blockchains. The SEC sued Coinbase during the Biden administration for operating an unregistered securities exchange and offering an unregistered security to the public via their staking-as-a-service program. Coinbase CEO Brian Armstrong praised the SEC’s move to drop its lawsuit in a post on X Friday, saying its fight against the regulator was aimed at preserving the rights of the industry as a whole – not just the company’s. The Securities and Exchange Commission in June 2023 sued Coinbase for allegedly acting as an unregistered broker. The SEC filed a similar suit against overseas rival Binance that month, too – and the company and regulator last week agreed to pause legal proceedings in that case.
Coinbase was primary target of recent GitHub Actions breaches
However, this initial commit specifically targeted projects for Coinbase and another user named “mmvojwip,” an account belonging to the attacker. Coinbase said the SEC is expected to approve the dismissal of its litigation next week, and the regulator would not charge the company any fees or fines. Once the threat actors realized their attack against Coinbase was unsuccessful, they pivoted to other projects, the researchers said.
Last month, the SEC revealed the formation of a new crypto task force under the leadership of Commissioner Hester Peirce. The task force aims to address the long-standing uncertainties surrounding the regulatory classification of digital assets. According to new reports from Palo Alto Unit 42 and Wiz, the attack was carefully planned and began when malicious code was injected into the reviewdog/action-setup@v1 GitHub Action.
“There is currently no evidence to suggest a compromise of GitHub or its systems. The projects highlighted are user-maintained open-source projects,” a GitHub spokesperson told The Hacker News. This could have caused all the interactions and actions performed by the user to be concealed. However, when reached for comment, GitHub did not confirm or deny the hypothesis, but said it’s actively reviewing the situation and taking action as necessary. It’s currently suspected that the attacker managed to somehow gain access to a token with write access to the reviewdog organization in order to make the rogue alterations. That said, the manner in which this token may have been acquired remains unknown at this stage.
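The chain described above (a tag on reviewdog/action-setup retargeted, secrets dumped from a workflow that invoked it, a stolen token used to push a malicious commit to tj-actions/changed-files, and every workflow referencing that action by tag picking it up) works because a tag such as `@v1` or `@v45` is a mutable pointer. The Python scanner below is an added example, not code from Unit 42, Wiz, GitHub, Coinbase or the tj-actions or reviewdog projects: it walks `uses:` references in workflow and `action.yml` files and reports any that are not pinned to a full 40-hex commit SHA (or an image digest for `docker://` steps). It uses only the standard library; the sample workflow embedded in it is constructed, its SHA is a placeholder rather than a real commit, and the action names simply mirror the ones in this article.

```python
"""Flag GitHub Actions references that are not pinned to an immutable revision.

Added example for this page (not code from the vendors or projects it names).
Standard library only. SAMPLE_WORKFLOW below is constructed, and its 40-hex
SHA is a placeholder, not a real commit.
"""
import re
import sys
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional, Tuple

# `uses:` lines in a workflow or action.yml, e.g.
#   - uses: tj-actions/changed-files@v45
#   - uses: 'reviewdog/action-setup@v1'   # trailing comments allowed
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^'"#\s]+)['"]?\s*(?:#.*)?$""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass(frozen=True)
class ActionRef:
    line: int            # 1-based line number in the scanned text
    raw: str             # the reference exactly as written
    kind: str            # "remote" (owner/repo@ref), "docker" or "local"
    ref: Optional[str]   # tag, branch, SHA or image digest after '@'


def parse_uses(text: str) -> List[ActionRef]:
    """Extract every `uses:` reference from workflow or action YAML text."""
    refs: List[ActionRef] = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith("./"):
            refs.append(ActionRef(n, target, "local", None))
        elif target.startswith("docker://"):
            image = target[len("docker://"):]
            _, sep, digest = image.partition("@")
            refs.append(ActionRef(n, target, "docker", digest if sep else None))
        else:
            _, sep, ref = target.rpartition("@")
            refs.append(ActionRef(n, target, "remote", ref if sep else None))
    return refs


def is_pinned(r: ActionRef) -> bool:
    """True only if the reference names one immutable revision.

    A tag like @v1 or @v45 can be moved by anyone holding a token with write
    access to the action repository, so a malicious commit behind the tag is
    picked up by every consumer on the next run. A full commit SHA (or a
    docker image digest) cannot be retargeted that way.
    """
    if r.kind == "local":
        return True                      # lives in the consuming repo itself
    if r.kind == "docker":
        return bool(r.ref) and r.ref.startswith("sha256:")
    return bool(r.ref) and bool(FULL_SHA_RE.match(r.ref))


def unpinned(refs: List[ActionRef]) -> List[ActionRef]:
    return [r for r in refs if not is_pinned(r)]


def scan_repo(root: Path) -> List[Tuple[Path, ActionRef]]:
    """Scan .github/workflows/*.yml|yaml plus any action.yml/action.yaml.

    Composite actions carry `uses:` lines of their own; the chain on this
    page ran through one action invoking another, so those files matter too.
    """
    findings: List[Tuple[Path, ActionRef]] = []
    patterns = [".github/workflows/*.yml", ".github/workflows/*.yaml",
                "**/action.yml", "**/action.yaml"]
    for pat in patterns:
        for path in root.glob(pat):
            for r in unpinned(parse_uses(path.read_text(encoding="utf-8"))):
                findings.append((path, r))
    return findings


# Constructed sample: one SHA-pinned step, two tag-pinned steps of the kind
# this page describes, one local action and one docker image by tag.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - uses: tj-actions/changed-files@v45
      - uses: 'reviewdog/action-setup@v1'
      - uses: ./.github/actions/local-lint
      - uses: docker://alpine:3.20
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, h in scan_repo(Path(sys.argv[1])):
            print(f"{path}:{h.line}: {h.raw} is not pinned to an immutable revision")
    else:
        for h in unpinned(parse_uses(SAMPLE_WORKFLOW)):
            print(f"line {h.line}: {h.raw} is not pinned to an immutable revision")
```

Run it with a repository path to scan a checkout, or with no arguments to see the three findings in the sample. A SHA pin on the top-level `uses:` line only covers that one hop: the reviewdog stage here was reached through an action invoked from inside another action, so the `action.yml` of anything you pin deserves the same check, and pin bumps proposed by dependency bots still need a human to read the diff behind the new SHA.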
Coinbase says SEC has agreed to dismiss case against it, pending commission approval
It comes as the new Trump administration has promised to deregulate digital currencies like bitcoin. The SEC recently asked a federal court to pause ongoing litigation against Binance, the world’s largest cryptocurrency exchange, because leadership is now rethinking previous enforcement actions. Circuit Court of Appeals was a partial win for Coinbase Global Inc., which went to court after the SEC denied its July 2022 request that the agency make clear how securities laws apply to assets such as cryptocurrencies and tokens. Uyeda pointed to the newly established crypto task force as a step in the right direction.
Revenue of $953.8 million also exceeded the analyst forecast of $826.1 million, the company said in a statement. While 23,000 projects utilized the changed-files action, only 218 repositories were ultimately impacted by the breach.
The crypto exchange’s transaction revenue doubled from previous quarter as crypto markets soared.
The crypto industry is expected to join the financial mainstream in the U.S. as the regulatory environment improves, and Coinbase (COIN) is well positioned to benefit from these tailwinds, broker Bernstein said in a report Monday. The dismissal marks the latest in a string of SEC retreats from high-profile crypto cases. Over the past few days, enforcement actions against Uniswap, OpenSea, Consensys, and Gemini have also been dropped. The dismissal of the Coinbase case comes amid a broader shift in the SEC’s strategy toward crypto regulation. Acting Chairman Mark Uyeda pointed out that, for years, the Commission has focused on enforcement actions to communicate its stance on crypto.
There has been a shift in investor sentiment toward bitcoin (BTCUSD) and the broader crypto markets since President Donald Trump, who has backed the industry, was re-elected late last year. Additionally, a more crypto-friendly Congress holds the promise of greater regulatory clarity for the industry that had often criticized the SEC’s previous enforcement-heavy approach. Will Canny is an experienced market reporter with a demonstrated history of working in the financial services industry. Bernstein initiated coverage of the crypto exchange with an outperform rating and a $310 price target. About 41% of Wall Street analysts have a buy rating on the stock, 7% sell and the rest hold, according to FactSet data. The SEC’s request left Coinbase, America’s largest crypto exchange, with no choice but to take the matter to court, CEO Brian Armstrong said, because stopping those trades would have “essentially meant the end of the crypto industry in the US,” he said.