Security Alert: Malicious Projects Disguised as "Copy Trading Bots" on GitHub Stealing Private Keys
Jinse Finance reported that the GitHub project polymarket-copy-trading-bot has been implanted with malicious code. When the program is launched, it automatically reads the user's .env file for the wallet private key and transmits it to the hacker's server through a hidden malicious dependency package excluder-mcp-package@1.0.4, resulting in asset theft.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Data: 522.85 BTC transferred from Fidelity Custody to Cumberland DRW, valued at approximately $45.74 million
Institution: Gold and Silver Prices See Steep Decline, Caution Advised Amid Low Liquidity
BitMine: Currently, 408,627 ETH have been staked, and MAVAN is planned to launch in Q1.
Trending news
MoreCrypto prices
More
