Polymarket Bot Exploit Exposes Private Keys: User Funds at Risk
DM
NewsroomWhat is the new threat targeting crypto traders' wallets?
How does the Polymarket bot exploit private keys?
What precautions can users take to prevent Polymarket bot-related risks?
- Malicious code in Polymarket bot threatens private keys.
- Users urged to act fast to secure vulnerable wallets.
On December 21, 2025, SlowMist revealed a malicious code attack within a Polymarket copy-trading bot hosted on GitHub, compromising users’ wallet private keys. The bot, named "polymarket-copy-trading-bot" and developed by "Trust412," was flagged as a security threat after investigations uncovered its ability to extract sensitive user data.
The bot was specifically designed to read configuration files commonly used by cryptocurrency traders, targeting private key information stored in .env files. These keys were then transmitted to a remote server controlled by the attackers, enabling potential fund theft.
Security researchers categorized the incident as a supply-chain attack, a scenario where legitimate software is compromised to target users. Trust412 reportedly concealed the malicious code across multiple updates, making it difficult for users to detect the threat.
Chief Information Security Officer of SlowMist, 23pds, led the investigation and highlighted the severe risks posed by this breach. Users who downloaded or interacted with the bot have been urged to consider their wallets compromised, cease using the bot immediately, delete affected repositories, and transfer funds to secure wallets. Importantly, the Polymarket platform itself remains unaffected by the exploit.
This attack highlights broader security challenges in the digital asset ecosystem, including the substantial risks associated with unaudited third-party tools. By mid-2025, cryptocurrency-related hacks and scams had resulted in staggering losses, including $2.5 billion stolen in just the first half of the year.
Supply-chain attacks such as this exploit reveal systemic vulnerabilities within the blockchain industry, threatening investor confidence and market stability. They underline the critical importance of due diligence, hardware wallets, and thorough verification processes to mitigate risks for users engaging in decentralized markets.
As digital asset adoption expands, safeguarding the ecosystem against security exploits in supporting software remains a top priority. This incident serves as a reminder of the growing sophistication of cyberattacks and the necessary investments required to protect blockchain networks and their participants.
Get real-time crypto breaking news on Unblock Media Telegram! (Click)
