Security Alert: Malicious Projects Disguised as "Copy Trading Bots" on GitHub Stealing Private Keys
Show original
Jinse Finance reported that the GitHub project polymarket-copy-trading-bot has been implanted with malicious code. When the program is launched, it automatically reads the user's .env file for the wallet private key and transmits it to the hacker's server through a hidden malicious dependency package excluder-mcp-package@1.0.4, resulting in asset theft.
0
0
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Blockchain Innovation Achievements Industrialization (Shanghai) Service Center Unveiled
PANews•2025/12/21 11:10
