A threat actor known as TeamPCP breached GitHub's internal network after a poisoned Visual Studio Code extension compromised an employee's workstation. The attackers accessed over 3,800 private code repositories.

GitHub confirmed the stolen source code includes components tied to Actions, its CI/CD tool; Copilot, the AI coding assistant; and CodeQL, its security analysis engine.

The group is selling the data on underground forums for at least $50,000 and has threatened to leak it publicly if the price is not met.

GitHub classified the breach as a software supply-chain attack. A malicious extension planted in VS Code gave the attackers a foothold, allowing them to move laterally into internal repositories.

The company says no customer data was accessed. Critical secrets have been rotated, and affected customers may be notified if the risk changes.

TeamPCP has a history of targeting developer infrastructure with similar attacks. The group has previously compromised hundreds of organizations through open-source tools and extensions.

The $50,000 asking price is alarmingly low for code tied to Microsoft's flagship AI and developer products. Security experts warn that detailed knowledge of how Copilot, Actions, and CodeQL function internally could enable future attacks against millions of developers and crypto projects that rely on GitHub.

For the crypto industry, the risk is acute. GitHub hosts the code for most blockchain protocols, DeFi apps, and wallet software. A compromised CI/CD pipeline could allow attackers to inject malicious code into smart contract deployment processes.