Security researchers issue alert over malicious code found in a Polymarket copy-trading bot on GitHub

Security-oriented researchers and companies have warned about a popular, open-source Polymarket copy trading bot hosted on GitHub. 

The bot was created by a developer under the handle “Trust412,” and reportedly contains hidden malicious code across multiple commits and dependencies. 

SlowMist sounds Polymarket trading bot warning 

Earlier today, December 21, 23pds, SlowMist’s Chief Information Security Officer, retweeted a warning from a community user about a malicious code in a Polymarket copy-trading bot on GitHub, posing security risks. 

The incident has reminded many that the crypto bot market still has many vulnerabilities, which is why scrutinizing GitHub repositories for hidden threats is now non-negotiable. 

According to the post 23pds interacted with, this code was deliberately put there, but its malicious nature was disguised while the author revised it repeatedly to ensure that it evaded detection. 

This occurred across multiple submissions in the “polymarket-copy-trading-bot” repository, potentially exposing users to fund theft.

The hidden code in the bot’s program made it scan and read configuration files automatically, extract private keys, and transfer them to a remote server controlled by the hackers.  

Users are urged to be cautious with any unaudited code repositories. In 23pds’s post, he alleged this is not the first time the method is being used to target GitHub and its users and that it will not be the last of such incidents. 

How to avoid the private key exploits 

The most crucial thing about this form of exploit is that it depends on the individual to kick-start the process, which means extra caution would do a lot to prevent repeated cases. 

The exploit is a classic supply-chain attack on open-source tools. It requires users to first install the bot, which many do in an effort to copy successful traders on Polymarket. These users input their private keys for signing trades, thereby unknowingly exposing them.

Anyone who finds themselves in such a predicament is advised to immediately delete the repository if it has been downloaded, assume any wallet linked to it has been compromised, and move all funds to a new one as quickly as it can be done. 

It also does not help matters that similar issues have come up in other Polymarket bot repos. So it has become crucial to scrutinize third-party trading scripts to be on the safe side. 

It should be noted that the Polymarket platform has not been hacked; the bots that have been wreaking this havoc are unofficial ones, which pose high risks since they require direct access to users’ private keys.

Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.