Security Alert: Private Key Theft via Compromised Dependencies on GitHub


A serious security alert has been detected affecting developers on the GitHub platform. The project polymarket-copy-trading-bot has been compromised with malicious code that automatically steals users’ private wallet keys during application initialization. This incident poses a significant threat to anyone who has installed or used this repository.

How the key theft occurs

The attack mechanism is sophisticated but effective. When the program starts, the malicious code automatically extracts the private key stored in the user’s .env file. This sensitive information is then exfiltrated to servers controlled by the attackers through a seemingly legitimate dependency package: @easynode/ethers-utils.

The attack exploits the trust developers place in npm libraries. By integrating this compromised dependency, the malicious code runs silently without the user noticing, stealing their most valuable cryptographic credentials.

Identification of the malicious code

The malicious package used in this attack is identified as @easynode/ethers-utils. Its main goal is to intercept the private key before it is used by the legitimate application. Once stolen, the information is transmitted in encrypted form to the attackers’ servers, allowing them full access to the victim’s digital assets.

This dependency injection tactic is particularly dangerous because many developers do not review the source code of all their imported libraries, making it easier for security threats to spread.

Recommendations to protect your assets

If you have used the polymarket-copy-trading-bot project, it is essential to act immediately. First, stop all instances of the program and review your .env files to verify whether your private keys have been compromised. Treat any wallet linked to those credentials as potentially at risk.

As an additional preventive measure, before installing any npm package, verify its reputation, review its update history, and check included dependencies. Use security analysis tools that can detect malicious code in dependencies before executing them in your local environment.

This security alert emphasizes the importance of maintaining robust secret management practices and code verification in development projects. The GitHub community must remain vigilant against similar threats of dependency compromise.
