Polymarket Bot Scam Hits 53 Developers via 30 Malicious npm Packages

Polymarket Bot Scam Hits 53 Developers via 30 Malicious npm Packages
Planck

Polymarket Bot Scam Hits 53 Developers via 30 Malicious npm Packages
Image source: CoinToday
- Fake Polymarket arbitrage bot on GitHub distributes 30 malicious npm packages - Malware steals wallet keys, passwords, and cloud credentials from DeFi developers On July 1, 2026, SlowMist reported that a major supply-chain attack had targeted DeFi developers and Polymarket trading bot users through 30 newly published malicious npm packages. According to SlowMist on July 1, 2026, attackers promoted a fake “polymarket-arbitrage-bot” on GitHub and claimed it could help users generate profits through automated trades on Polymarket. The scam instructed users to place their Polymarket private key in a .env file and run “npm install,” and this step activated hidden malware within the “clob-client-math” dependency. The malware then harvested and exfiltrated sensitive data, including crypto wallet keys, browser passwords, SSH and AWS credentials, and API tokens. SlowMist further reported that at least 53 developers and traders installed the infected packages before security teams identified and blocked the threat. The fake bot quickly gathered attention by leveraging authentic discussions about arbitrage bots within the Polymarket community and, as a result, it reached 36 GitHub stars and 53 forks. Security researchers, according to SlowMist, attribute the operation to North Korean hackers and connect it to a wider campaign named “Contagious Trader,” which targets Web3 and crypto platforms. Meanwhile, SafeDep advises anyone who downloaded or installed the fake polymarket-arbitrage-bot to immediately rotate all private keys, change browser-stored passwords, and replace exposed credentials. In addition, users should review package.json and npm lock files for unknown dependencies, especially packages like “clob-client-math,” and they should avoid npm packages from new or untrusted authors.
Article Info
Category
Market
Published
2026-07-01 15:12
NFT ID
PENDING
News NFT detail

Get the latest news in your inbox!


Recommended News

About Us

 | Contact Us | 

Privacy Policy

 | 

RSS