Security Alert: Malicious Bot on GitHub Steals Users' Private Keys


A serious incident has put GitHub developers at risk. It has been discovered that a bot disguised as a legitimate follower has infiltrated projects with malicious code, aiming to steal users’ private wallet keys. This security alert requires immediate attention from anyone working with cryptocurrencies.

How does the malicious bot attack work?

The project called polymarket-copy-trading-bot has been compromised with malicious code that operates silently. When the program starts, it automatically locates and reads the user’s private wallet key stored in the .env configuration file. Once it captures this sensitive information, it transmits it through a hidden dependency to servers controlled by attackers.

This mechanism is particularly dangerous because users may not immediately notice the theft. The bot runs in the background during initialization, exfiltrating critical data without showing obvious signs of malicious activity.

Risks to digital assets

Stealing private keys poses an existential threat to crypto funds. With access to these keys, attackers can transfer all assets stored in the wallet without restriction. The loss can be instant and irreversible, as blockchain transactions cannot be reversed.

Urgent protective measures

Every user should immediately review their GitHub repositories and examine any suspicious dependencies in their projects. It is recommended to:

  • Change all exposed private keys
  • Transfer funds to a secure wallet if a compromise is suspected
  • Regularly audit .env files and package dependencies
  • Use environment variables with restricted permissions
  • Implement code reviews before deploying any changes
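One way to carry out the .env and dependency audit from the list above, as an added example that is not part of the original alert or of the affected project. The directory names, file extensions and regular expressions are assumptions chosen for illustration, not indicators taken from the incident.

```python
import os
import re
import stat

# All patterns below are illustrative assumptions, not indicators from the incident.
RAW_KEY = re.compile(r"^\s*(\w+)\s*=\s*[\"']?(?:0x)?[0-9a-fA-F]{64}[\"']?\s*$")
READS_SECRET = re.compile(r"\.env\b|PRIVATE_KEY|process\.env|os\.environ")
NETWORK = re.compile(r"https?://|\bfetch\(|\baxios\b|\brequests\.|http\.request")
DEP_DIRS = {"node_modules", "site-packages", "vendor"}
SOURCE_EXT = (".js", ".mjs", ".cjs", ".ts", ".py")


def audit_env_file(path):
    """Flag loose permissions and raw 64-hex keys; never echo the key itself."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit set (POSIX permission model)
        findings.append(f"{path}: mode {mode:o} is accessible to group/others")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            match = RAW_KEY.match(line)
            if match:
                findings.append(f"{path}:{lineno}: {match.group(1)} holds a raw 64-hex key")
    return findings


def audit_project(root):
    """Walk a checkout; audit .env files and triage installed dependency code."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        in_dependency = bool(DEP_DIRS & set(dirpath.split(os.sep)))
        for name in files:
            path = os.path.join(dirpath, name)
            if name == ".env" or name.startswith(".env."):
                findings += audit_env_file(path)
            elif in_dependency and name.endswith(SOURCE_EXT):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
                # Secret access plus outbound networking in one file is a review lead.
                if READS_SECRET.search(text) and NETWORK.search(text):
                    findings.append(f"{path}: reads env secrets and makes network calls")
    return findings


if __name__ == "__main__":
    for finding in audit_project("."):
        print(finding)
```

Hits are leads for manual review rather than verdicts, since many legitimate packages both read configuration and use the network.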

This security alert emphasizes the importance of maintaining constant vigilance in development environments and safeguarding cryptographic credentials at all times.
