Urgent: Attempting to Reach Trail of Bits Regarding Critical CI/CD Supply Chain Risk

[starixapp]

Hello Trail of Bits team,

I have tried to contact you via the official contact form and email regarding a critical vulnerability in the CI/CD infrastructure of a widely used blockchain repository (Bitcoin Core), which directly impacts major exchanges and wallet infrastructure (including Binance).

I have not received a response or confirmation.

Due to the severity of the issue—which involves a potential risk of supply chain compromise and transaction hijacking—I am forced to publicly share this issue for the purpose of initiating secure coordination only. No technical details will be shared here.

Please confirm a secure contact or open a private coordination channel under a non-disclosure agreement. I am willing to provide proof of concept and documentation under appropriate circumstances.

I look forward to your professional communication.

—Alex Morgan

[starixapp]

Hello, I hope to receive a response from you as soon as possible regarding my intelligence file related to a money laundering case of more than $100 million. Le mer. 27 août 2025, 4:01 PM, Dan Guido ***@***.***> a écrit :

…

Closed #571 <#571> as completed. — Reply to this email directly, view it on GitHub <#571 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/BTRPNUS4TGB2UOKRAKYFZ733PXB4HAVCNFSM6AAAAACCJMMYRSVHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMJZGM3TAOBZGE4TGNA> . You are receiving this because you authored the thread.Message ID: ***@***.***>