🚨 Critical Supply-Chain Attack Discovered in Polymarket Automation Tool
A serious security incident has been uncovered in the GitHub project polymarket-copy-trading-bot. Embedded within the codebase is a stealthy exploit that activates as soon as the application runs.
The software secretly reads the user’s environment configuration, capturing highly sensitive data such as cryptocurrency wallet secret keys.
The stolen credentials are then quietly relayed to an attacker-operated server via a camouflaged dependency, excluder-mcp-package (v1.0.4).
This component functions without visible indicators, enabling unauthorized control over user wallets and subsequent fund drainage.
This event underscores the dangers of executing open-source trading bots without thorough dependency inspection and reinforces the importance of isolating wallet credentials from untrusted automation software.
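One way to carry out the dependency inspection mentioned above, as an added example that is not code from the affected project: it searches a parsed npm `package-lock.json` for the package named in this report, including copies nested under other dependencies. That the project is an npm project is an assumption (the report does not name the ecosystem); `findFlagged` and the sample lockfiles are constructed for illustration.

```javascript
// Added example. Assumption: an npm project with a package-lock.json.
const FLAGGED = { name: "excluder-mcp-package", version: "1.0.4" }; // name/version from the report

// Return every occurrence of the flagged package in a parsed package-lock.json
// (lockfileVersion 1, 2 or 3), including copies nested under other dependencies.
function findFlagged(lock, flagged = FLAGGED) {
  const hits = [];
  const record = (name, meta, path) => {
    if (name === flagged.name) {
      hits.push({ path, version: meta.version, exactMatch: meta.version === flagged.version });
    }
  };
  if (lock.packages) {
    // v2/v3: flat map keyed by install path ("node_modules/a/node_modules/b").
    // meta.name is set for aliased installs, so an alias does not hide the package.
    for (const [path, meta] of Object.entries(lock.packages)) {
      record(meta.name || path.split("node_modules/").pop(), meta, path);
    }
  } else {
    // v1: nested "dependencies" tree, walked recursively.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        record(name, meta, [...trail, name].join(" > "));
        walk(meta.dependencies, [...trail, name]);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfiles (not taken from the real repository).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "example-bot", version: "0.0.0" },
  "node_modules/some-helper": { version: "2.1.0" },
  "node_modules/some-helper/node_modules/excluder-mcp-package": { version: "1.0.4" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "some-helper": { version: "2.1.0", dependencies: { "excluder-mcp-package": { version: "1.0.3" } } },
} };

for (const [label, lock] of [["v3", sampleV3], ["v1", sampleV1]]) {
  for (const hit of findFlagged(lock)) {
    const note = hit.exactMatch ? "version named in report" : "other version, review";
    console.log(`${label}: ${hit.path} @ ${hit.version} (${note})`);
  }
}
```

On a real checkout, pass the function the result of `JSON.parse` on the lockfile contents. If the bot was run with that dependency installed, treat any wallet keys in its environment as exposed.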
