
Attackers deliver infostealer to Polymarket trading bot users, DeFi devs through npm packages



Hackers created a fake trading bot for Polymarket’s prediction markets on GitHub. The bot was used to spread malware that steals credentials like wallet keys and browser passwords.

30 malicious packages were found across several npm accounts, reportedly targeting developers and traders who use automated strategies. At least 53 developers fell for the trap before it was flagged.

How did a fake bot spread to over 53 developers?

On July 1, 2026, the security firm SlowMist flagged a fake trading bot that promised big profits on Polymarket but was actually just a delivery vehicle for malware. SafeDep found 30 malicious npm packages spread across multiple accounts and tied to one fake GitHub repository.

The criminals posted a “polymarket-arbitrage-bot” that claimed to make over $80,000 per year. It got 36 stars and 53 forks before the scam was exposed. Every developer who downloaded and installed it ran the malware.

The attackers knew that real trading bots have made huge money on Polymarket.

One bot profiled by prediction-markets analyst Dexter’s Lab turned $313 into $414,000 in just one month, while another, analyzed by researcher Igor Mikerin, made $2.2 million over two months. This track record made the fake bot look believable to traders chasing easy profits.

The fake bot's instructions told users to put their Polymarket private key into a .env file before running “npm install.” During installation, the malware, hidden inside a dependency called “clob-client-math”, would run.

The malware steals a lot of sensitive data, including:

  • Crypto wallet data from MetaMask, Phantom, Coinbase Wallet, TrustWallet, and others.
  • Browser data like saved passwords and cookies from Chrome, Firefox, and Brave.
  • SSH keys, AWS login details, npm and PyPI tokens.
  • Data from password managers like Bitwarden, KeePass, and 1Password.
  • Private keys and API tokens.

What should you do if you downloaded the fake bot?

Security researchers believe North Korean hackers are behind this attack. The group is running a larger campaign called “Contagious Trader” that targets crypto developers.

Cryptopolitan reported in March that hackers took over an Axios developer’s account and published malicious npm packages. In May, one compromised account was used to take over 323 packages in under 30 minutes.

Polymarket users have also faced other attacks this year, like when, in late June, a phishing scam drained $2.94 million from at least 11 accounts.

SafeDep says any computer that ran “npm install” on the fake bot should be treated as compromised. Affected users are advised to rotate all crypto wallet keys right away, change every password stored in their browser, and replace all AWS credentials, SSH keys, and API tokens.

Traders are also advised to check their npm lock files for the 30 malicious packages by looking for dependencies that appear in package.json but never get used in the code. The repository’s “package.json” in this attack listed four dependencies, but only three (the official Polymarket SDK, ethers, and dotenv) were legitimate. The fourth, clob-client-math, which hid the malware, was never imported anywhere in the bot’s source code.
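The check described above can be scripted. The following is an added example, not code from SafeDep or the repository: it lists dependencies that are declared in package.json but never imported, and reports the `hasInstallScript` flag that npm records in package-lock.json. The sample manifest, lockfile and sources are constructed, `@example/polymarket-sdk` is a placeholder name, and the idea that the payload ran from an install script is an assumption based on the article saying it ran during installation.

```javascript
// Added example: flag dependencies declared in package.json that no source file imports.

// Reduce a module specifier to its package name:
// "@scope/pkg/sub" -> "@scope/pkg", "pkg/sub" -> "pkg"; relative and node: specifiers -> null.
function packageName(spec) {
  if (spec.startsWith('.') || spec.startsWith('/') || spec.startsWith('node:')) return null;
  const parts = spec.split('/');
  return spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// Collect package names referenced via require(), import ... from, bare import and import().
function importedPackages(sources) {
  const pattern = /(?:\brequire\s*\(|\bimport\s*\(|\bfrom\s+|\bimport\s+)\s*['"]([^'"]+)['"]/g;
  const used = new Set();
  for (const code of Object.values(sources)) {
    for (const match of code.matchAll(pattern)) {
      const name = packageName(match[1]);
      if (name) used.add(name);
    }
  }
  return used;
}

// Return declared-but-never-imported dependencies with the lockfile's install-script flag.
function auditDependencies(manifest, lockfile, sources) {
  const used = importedPackages(sources);
  const declared = Object.keys({ ...manifest.dependencies, ...manifest.optionalDependencies });
  return declared
    .filter((name) => !used.has(name))
    .map((name) => {
      // package-lock.json (lockfileVersion 2+) keys entries as "node_modules/<name>".
      const entry = (lockfile.packages || {})[`node_modules/${name}`] || {};
      return { name, hasInstallScript: entry.hasInstallScript === true };
    });
}

// Constructed sample: four declared dependencies, three of them imported by the source.
const manifest = { dependencies: { '@example/polymarket-sdk': '^1.0.0', ethers: '^6.0.0', dotenv: '^16.0.0', 'clob-client-math': '^1.0.0' } };
const lockfile = { lockfileVersion: 3, packages: {
  'node_modules/ethers': { version: '6.0.0' },
  'node_modules/clob-client-math': { version: '1.0.0', hasInstallScript: true }, // constructed entry
} };
const sources = {
  'src/bot.js': "require('dotenv').config();\nconst { ethers } = require('ethers');\n",
  'src/client.mjs': "import { Client } from '@example/polymarket-sdk/client';\n",
};

const findings = auditDependencies(manifest, lockfile, sources);
console.log(findings);
```

A hit is a lead for manual review, not a verdict: packages used only from npm scripts or preloaded on the command line are also never imported in source. Run the check on the manifest and lockfile before running “npm install”.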

The best defense is checking if packages come from new accounts with no publishing history, as all the fake packages were published by brand-new accounts.


