GitHub Breach Tied to TanStack npm Supply-Chain Attack

Key Takeaways

- Hackers accessed 3,800 GitHub internal repositories through a compromised Nx Console VS Code extension
- The malicious extension was live for 18 minutes on Visual Studio Marketplace and 36 minutes on OpenVSX
- TeamPCP is demanding at least $50,000 for the stolen GitHub source code

GitHub has confirmed that hackers breached 3,800 of its internal repositories. The attack vector: a malicious version of the Nx Console VS Code extension, poisoned during last week's TanStack npm supply-chain compromise.
The company disclosed on Tuesday that an employee installed the compromised extension, giving attackers access to internal code. GitHub CISO Alexis Wales provided details in a blog post Wednesday evening.
How the Attack Worked
The breach traces back to TeamPCP, a threat group linked to multiple supply-chain attacks on developer platforms including PyPI, NPM, GitHub, and Docker. TeamPCP is also connected to the "Mini Shai-Hulud" campaign that affected two OpenAI employees.
The attack started with the compromise of dozens of TanStack and Mistral AI npm packages. Attackers then used stolen CI/CD credentials to spread to other projects, including UiPath, Guardrails AI, and OpenSearch.
Nx Console is the official Visual Studio Code extension for Nx. It helps developers manage large repositories and multi-project codebases without relying entirely on terminal CLI commands. A malicious version, 18.95.0, appeared on the Visual Studio Marketplace for roughly 18 minutes and on OpenVSX for 36 minutes before it was pulled.
The poisoned extension deployed a payload designed to steal credentials from npm, AWS, Kubernetes, GitHub, and GCP/Docker.
Nx Team's Account
The Nx development team explained what happened on their end. One of their developers was compromised through the TanStack supply-chain attack, which leaked GitHub credentials via the GitHub CLI.
“One of our developers was compromised by a recent supply-chain compromise on Tanstack, which leaked their GitHub credentials through the GitHub CLI (gh). This allowed the attacker to run workflows on our GitHub repository as a contributor.”
— Nx development team
The team said they are working jointly with GitHub and Microsoft to assess the full impact.
GitHub's Response
GitHub has secured the compromised device. The company says it has not found evidence that customer data stored outside the affected repositories was stolen.
“We rotated critical secrets Monday and into Tuesday with the highest-impact credentials prioritized first. We continue to analyze logs, validate secret rotation, and monitor our infrastructure for any follow-on activity. We will take additional action as the investigation warrants.”
— Alexis Wales, GitHub CISO
GitHub has not officially attributed the attack to a specific group. But TeamPCP claimed responsibility on the Breached forum on Tuesday, saying they accessed GitHub source code and "~4,000 repos of private code." The group is asking for at least $50,000.
What This Means for Development Teams
The attack highlights a growing problem: developer tools have become high-value targets. VS Code extensions, npm packages, and CI/CD pipelines all offer attackers a path to steal credentials that unlock much larger targets.
In this case, an exposure window of 18 minutes on the Visual Studio Marketplace (36 on OpenVSX) was enough for at least one GitHub employee to install the malicious extension. The credentials it harvested then cascaded into access to thousands of internal repositories.
Organizations relying on open-source tooling should review their extension update policies. Automatic updates speed adoption of legitimate security patches, but they also shrink the window in which a poisoned release can be caught before it lands on developer machines.
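A small audit script, added here as an example and not code from GitHub, Nx or the article's source, shows the two checks a team would want after reading this: whether any workstation has the malicious Nx Console version installed, and whether VS Code is set to auto-update extensions. It parses the output of `code --list-extensions --show-versions` and a user settings.json; both sample inputs below are constructed, and the marketplace identifier used for Nx Console (`nrwl.angular-console`) is an assumption that should be verified against the marketplace listing before use.

```python
"""Audit a workstation for a known-bad VS Code extension version and for
extension auto-update settings. Added example, not code from GitHub, Nx or
the article. The extension identifier and the sample inputs are assumptions."""
import json

# Assumption: the Visual Studio Marketplace identifier for Nx Console.
# Verify against the listing before relying on it.
NX_CONSOLE_ID = "nrwl.angular-console"

# Version reported as malicious on the page: Nx Console 18.95.0.
BLOCKLIST = {NX_CONSOLE_ID: {"18.95.0"}}

# Constructed sample of `code --list-extensions --show-versions` output.
SAMPLE_EXTENSION_LIST = """\
ms-python.python@2024.4.1
nrwl.angular-console@18.95.0
esbenp.prettier-vscode@10.4.0
"""

# Constructed sample of a user settings.json (VS Code permits // comments).
SAMPLE_SETTINGS = """\
{
  // auto-update is on by default; this file leaves it on
  "extensions.autoUpdate": true,
  "editor.tabSize": 2
}
"""


def parse_extension_list(text):
    """Turn `publisher.name@version` lines into {id: version}."""
    installed = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or "@" not in line:
            continue
        ext_id, version = line.rsplit("@", 1)
        installed[ext_id.lower()] = version
    return installed


def find_compromised(installed, blocklist=BLOCKLIST):
    """Return [(id, version)] for installed extensions at a blocklisted version."""
    hits = []
    for ext_id, bad_versions in blocklist.items():
        version = installed.get(ext_id.lower())
        if version in bad_versions:
            hits.append((ext_id, version))
    return hits


def _strip_line_comments(jsonc):
    """Drop whole-line // comments so json.loads accepts a VS Code settings file."""
    return "\n".join(
        line for line in jsonc.splitlines() if not line.lstrip().startswith("//")
    )


def auto_update_enabled(settings_text):
    """True unless extensions.autoUpdate is explicitly false (the VS Code default is on)."""
    settings = json.loads(_strip_line_comments(settings_text))
    return settings.get("extensions.autoUpdate", True) is not False


def audit(extension_list_text, settings_text):
    """Run both checks and return the findings as a dict."""
    installed = parse_extension_list(extension_list_text)
    return {
        "compromised": find_compromised(installed),
        "auto_update": auto_update_enabled(settings_text),
    }


if __name__ == "__main__":
    result = audit(SAMPLE_EXTENSION_LIST, SAMPLE_SETTINGS)
    for ext_id, version in result["compromised"]:
        print(f"FOUND {ext_id}@{version}: treat npm, AWS, Kubernetes, GitHub "
              "and GCP/Docker credentials on this machine as exposed")
    if result["auto_update"]:
        print("extensions.autoUpdate is on: new extension versions install without review")
```

On a real machine, feed the script the live output of `code --list-extensions --show-versions` and the contents of the user settings.json instead of the constructed samples. A hit on the blocklist is a signal to rotate every credential class the payload targeted, not just the GitHub token.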
Frequently Asked Questions
How did hackers breach GitHub's internal repositories?
An employee installed a malicious version of the Nx Console VS Code extension (version 18.95.0), which was compromised during the TanStack npm supply-chain attack. The extension stole credentials that gave attackers access to 3,800 internal repositories.
How long was the malicious Nx Console extension available?
The poisoned extension was live on the Visual Studio Marketplace for approximately 18 minutes and on OpenVSX for 36 minutes before being removed.
Who is behind the GitHub breach?
TeamPCP, a cybercrime group linked to supply-chain attacks on PyPI, NPM, GitHub, and Docker, claimed responsibility. The group is demanding at least $50,000 for the stolen source code.
Was customer data stolen in the GitHub breach?
GitHub says it has not found evidence that customer data stored outside the affected repositories was stolen. The investigation is ongoing.
What credentials did the malicious extension target?
The payload was designed to steal credentials for npm, AWS, Kubernetes, GitHub, and GCP/Docker.
Source: BleepingComputer
Huma Shazia
Senior AI & Tech Writer