A trojanized VS Code Marketplace extension on one GitHub employee’s device led to exfiltration of ~3,800 internal repositories.
Key Takeaways
TeamPCP claimed the breach on the Breached forum, demanding $50,000 for ~4,000 private repos; GitHub’s investigation confirms the ~3,800 figure.
GitHub removed the malicious extension, isolated the endpoint, and states no customer data outside the affected repos was compromised.
TeamPCP was previously linked to supply chain attacks on PyPI, NPM, Docker, and the “Mini Shai-Hulud” campaign that hit two OpenAI employees.
The VS Code Marketplace has a pattern of recurring trojanized extensions: 9M-install extensions pulled for security risks, XMRig cryptominer extensions, and January 2026 AI-assistant extensions exfiltrating to China.
GitHub serves 4 million organizations including 90% of the Fortune 100, making internal repo exfiltration a high-impact supply chain risk.
Hacker News Comment Review
Commenters noted sharp irony that Microsoft controls VSCode, NPM, and GitHub yet lacks a coordinated permission or vetting system across all three surfaces.
The specific extension was confirmed to be the nx console extension (nrwl/nx-console), with a published GitHub security advisory, giving defenders a concrete indicator to check.
Consensus is that VSCode extensions are a long-standing, obvious attack vector: no sandboxing, mixed publisher trust signals, and aggressive install prompts create a high-risk environment for developer machines.
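Because the thread gives defenders a concrete indicator to check, here is an added example (not code from the article, GitHub, or the nx-console project) of the inventory check a practitioner would run on developer machines: parse the output of `code --list-extensions --show-versions` (one `publisher.name@version` per line) and flag anything on a watchlist. The watchlist entries are labelled placeholders, since the article names only the repository (nrwl/nx-console) and not the Marketplace extension ID or the affected versions; substitute the values from the published advisory.

```python
"""Inventory installed VS Code extensions and flag watchlisted ones.

Added example, not from the original article. Assumes the line format of
`code --list-extensions --show-versions` (publisher.name@version). The
watchlist below is a constructed placeholder: replace it with the extension
IDs and affected versions from the published security advisory.
"""
import re
import shutil
import subprocess

# Placeholder watchlist (assumption): None means every version is flagged,
# a set means only those versions are flagged.
WATCHLIST = {
    "publisher.placeholder-extension": None,
    "publisher.other-placeholder": {"1.2.3"},
}

LINE_RE = re.compile(r"^(?P<id>[^@\s]+)@(?P<version>\S+)$")


def parse_extension_list(text):
    """Parse CLI output into {extension_id: version}.

    IDs are lower-cased because VS Code treats extension IDs
    case-insensitively, so a watchlist match must not depend on case.
    """
    installed = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            installed[m.group("id").lower()] = m.group("version")
    return installed


def find_flagged(installed, watchlist):
    """Return a sorted list of (id, version) pairs that hit the watchlist."""
    flagged = []
    for ext_id, versions in watchlist.items():
        ext_id = ext_id.lower()
        if ext_id not in installed:
            continue
        version = installed[ext_id]
        if versions is None or version in versions:
            flagged.append((ext_id, version))
    return sorted(flagged)


def list_installed_extensions():
    """Query the local `code` CLI; returns {} when it is not on PATH."""
    code = shutil.which("code")
    if not code:
        return {}
    result = subprocess.run(
        [code, "--list-extensions", "--show-versions"],
        capture_output=True, text=True, check=False,
    )
    return parse_extension_list(result.stdout)


# Constructed sample output used when no local `code` CLI is available.
SAMPLE_OUTPUT = """\
ms-python.python@2024.2.1
Publisher.Placeholder-Extension@0.9.0
publisher.other-placeholder@1.2.3
esbenp.prettier-vscode@10.1.0
"""

if __name__ == "__main__":
    installed = list_installed_extensions() or parse_extension_list(SAMPLE_OUTPUT)
    for ext_id, version in find_flagged(installed, WATCHLIST):
        print(f"FLAGGED: {ext_id}@{version}")
```

Run it from an endpoint management job or a one-off across developer laptops; any non-empty output is a machine to isolate and investigate, which matches the containment steps GitHub describes. The same parser works for the `extensions.json` inventory under the VS Code user directory if the CLI is not installed.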
Notable Comments
@urbandw311er: flagged the nx console extension as the likely culprit based on timing, later confirmed by GitHub’s blog post.
@mcoliver: describes constant extension install prompts with 50/50 odds of official vs. random-dev ownership, illustrating the trust-signal problem at scale.