New infostealer npm packages hit DeFi developers and Polymarket bot users via fake GitHub project
AI Market Summary
A GitHub-hosted fake Polymarket trading-bot project used ~30 malicious npm packages to deploy an infostealer, compromising at least 53 developers and targeting wallet private keys and browser-saved credentials. While not a direct chain or protocol exploit, the incident highlights supply-chain risk in DeFi developer tooling and automated trading infrastructure. Given user overlap with the Polymarket ecosystem, near-term sentiment toward POL and related onchain tooling security may weaken.
Impact level: Medium
Affected assets: POL/USDT (+3.90%)
Hackers have published a GitHub repository posing as an open-source trading bot for the Polymarket prediction market, using it to distribute an infostealing trojan through 30 malicious npm packages. At least 53 developers have been infected so far.
The malware is designed to harvest high-value credentials, including crypto wallet private keys and passwords stored in browsers. The incident highlights weaknesses across the DeFi developer toolchain and automated trading infrastructure. While there is no indication that any specific blockchain or protocol was directly attacked, the victim profile overlaps heavily with the Ethereum and Polymarket ecosystems (POL is the platform's native token), a dynamic that is likely to weigh on near-term confidence in the security of on-chain tooling.