A well-known GitHub project, “polymarket-copy-trading-bot,” has suffered a security breach through malicious code, putting users’ digital assets at risk. The program automatically accesses the .env file on the user’s computer, which contains private wallet keys. These keys are then sent to a hacker’s server via a concealed malicious software package named “excluder-mcp-package@1.0.4,” resulting in the theft of users’ cryptocurrencies. This incident highlights the increasing security threats in the cryptocurrency and blockchain world. GitHub, a globally used platform for programmers and developers to share and collaborate on software code, faces challenges as such attacks emphasize the critical need to scrutinize third-party dependencies in automated trading bots and other digital tools. Platforms like Polymarket, which claim to benefit users through automated crypto trading, now require users to exercise heightened caution. Users are advised to obtain tools only from verified and secure sources and to protect their private keys as much as possible. This attack underscores the importance of not overlooking security aspects in cryptocurrency usage and calls for robust protective measures and continuous monitoring to safeguard users’ assets and restore trust in the crypto market.
Source: binance
