A threat actor known as TeamPCP breached GitHub's internal systems and stole approximately 3,800 private repositories by exploiting a poisoned Visual Studio Code extension. The attacker planted malicious code in a legitimate-looking developer tool that a GitHub employee installed, granting unauthorized access to the company's internal source repositories.

The attack vector exposes a structural weakness in the software development supply chain. VS Code extensions run with the privileges of the developer who installs them and execute code with almost no friction: once installed, an extension can read files, environment variables and credentials on the workstation. TeamPCP abused that trust with a trojanized extension that harvested credentials and then used them to move laterally through GitHub's network. The employee had no obvious warning that the tool was compromised until the theft had already occurred.

GitHub confirmed the breach and stated that the stolen repositories contained internal code, tools, and documentation but no customer data or production credentials. The company immediately rotated compromised authentication tokens and reinforced access controls. Security teams traced the exfiltration to external servers controlled by TeamPCP.

This incident underscores the escalating risk of supply chain attacks targeting developer infrastructure. The crypto and blockchain sectors face particular exposure since code repositories often contain sensitive protocol implementations, private keys, and deployment scripts. Development teams across DeFi protocols, exchanges, and wallet providers rely on third-party extensions and dependencies that can introduce similar vulnerabilities.

GitHub's response included notifying the affected internal teams and introducing stricter vetting of third-party tools. The company recommended that developers review the extensions installed on their machines, audit access logs for unexpected activity, and verify code integrity before deploying from any repository the attacker may have touched.
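The two practical pieces of that advice, reviewing what is installed and verifying that it has not changed on disk, are easy to automate. The script below is an added example written for this article, not code from GitHub or from any party involved; it assumes the standard on-disk layout of VS Code's extension directory (one folder per extension containing a `package.json` manifest), and the publisher allowlist and the two sample extensions it builds are constructed for the demonstration. It flags manifests that carry the properties that matter for the risk described above: a publisher not on your allowlist, a `main` entry point (meaning the extension runs Node.js code in the extension host rather than just contributing a theme or snippets), a wildcard or startup activation event, and dependencies on other extensions. It also records a content hash per extension so a later run can detect modification after install.

```python
"""Inventory installed VS Code extensions and flag manifests that deserve manual review.

Added example for this article; assumes the usual layout of VS Code's extensions
directory (~/.vscode/extensions/<publisher>.<name>-<version>/package.json).
The publisher allowlist and the sample extensions below are constructed for the demo.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# Activation events that make an extension's code run as soon as VS Code starts,
# before the developer has opened any file type the extension claims to handle.
BROAD_ACTIVATION = {"*", "onStartupFinished"}


def content_hash(ext_dir: Path) -> str:
    """SHA-256 over every file in the extension directory, in a stable order.
    Record this at install time and compare on later runs to detect files that
    were modified on disk after installation."""
    h = hashlib.sha256()
    for path in sorted(p for p in ext_dir.rglob("*") if p.is_file()):
        h.update(str(path.relative_to(ext_dir)).encode())
        h.update(path.read_bytes())
    return h.hexdigest()


def triage_manifest(manifest: dict, trusted_publishers: set) -> list:
    """Return human-readable findings for one package.json manifest."""
    findings = []
    publisher = manifest.get("publisher") or "<none>"
    if publisher not in trusted_publishers:
        findings.append(f"publisher '{publisher}' not on allowlist")
    # Themes, snippets and grammars ship without a 'main' entry point; an
    # extension that has one runs arbitrary Node.js code in the extension host.
    if "main" in manifest:
        findings.append(f"runs code from '{manifest['main']}'")
    broad = set(manifest.get("activationEvents", [])) & BROAD_ACTIVATION
    if broad:
        findings.append(f"activates at startup via {sorted(broad)}")
    deps = manifest.get("extensionDependencies", [])
    if deps:
        findings.append(f"pulls in other extensions: {deps}")
    return findings


def inventory(extensions_dir: Path, trusted_publishers: set) -> dict:
    """Map extension folder name -> {'hash': ..., 'findings': [...]}."""
    report = {}
    for ext_dir in sorted(p for p in extensions_dir.iterdir() if p.is_dir()):
        try:
            manifest = json.loads((ext_dir / "package.json").read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            report[ext_dir.name] = {"hash": content_hash(ext_dir),
                                    "findings": ["no readable package.json"]}
            continue
        report[ext_dir.name] = {"hash": content_hash(ext_dir),
                                "findings": triage_manifest(manifest, trusted_publishers)}
    return report


def build_sample_extensions() -> Path:
    """Constructed sample data: a theme from an allowlisted publisher, and a
    code-running extension from an unknown publisher with a wildcard activation."""
    root = Path(tempfile.mkdtemp())
    theme = root / "acme.nice-theme-1.0.0"
    theme.mkdir()
    (theme / "package.json").write_text(json.dumps({
        "name": "nice-theme", "publisher": "acme", "version": "1.0.0",
        "contributes": {"themes": [{"label": "Nice", "path": "./theme.json"}]},
    }))
    (theme / "theme.json").write_text("{}")
    tool = root / "devhelper.git-tools-2.3.1"
    (tool / "out").mkdir(parents=True)
    (tool / "package.json").write_text(json.dumps({
        "name": "git-tools", "publisher": "devhelper", "version": "2.3.1",
        "main": "./out/extension.js", "activationEvents": ["*"],
    }))
    (tool / "out" / "extension.js").write_text("exports.activate = () => {};")
    return root


if __name__ == "__main__":
    # Point this at Path.home() / ".vscode" / "extensions" for a real inventory.
    sample = build_sample_extensions()
    for name, info in inventory(sample, {"acme"}).items():
        print(name, info["hash"][:12], info["findings"] or ["ok"])
```

Run it against the real directory by replacing the sample path with `Path.home() / ".vscode" / "extensions"` and your organisation's publisher allowlist. Findings are prompts for review, not verdicts: many legitimate extensions have a `main` entry point and activate on startup, which is exactly why the publisher allowlist and a stored baseline of content hashes are the parts that do the real work.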

The breach lands at a time when developer tooling is already a favoured target. TeamPCP's success with a single poisoned extension shows how attackers exploit the trust developers place in their tooling ecosystem. Organizations now face a real tradeoff between developer productivity and hardening, particularly when they allow open-source extensions from unvetted publishers.