Malicious code implanted in polymarket copy trading project polymarket-copy-trading-bot to steal private keys
Show original
According to Odaily, the GitHub project polymarket-copy-trading-bot has been found to contain malicious code. When the program is launched, it automatically reads the user's wallet private key from the .env file and transmits it to a hacker's server via a hidden malicious dependency package, excluder-mcp-package@1.0.4, resulting in asset theft.
0
0
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
