DEV Community

NevoSayNevo

Why Almost Every Polymarket Trading Bot on GitHub Is Malicious

And the latest supply-chain attack using a hijacked verified GitHub org

Polymarket has exploded in popularity, and so have “copy-trading” and arbitrage bots. Unfortunately, the vast majority of them on GitHub are either outright malicious or low-quality scams.

Why Most Are Malicious/Garbage

  • High financial incentive: Crypto traders are willing to run random GitHub code if it promises easy profits. Attackers exploit this greed with polished READMEs, fake stars/forks from bot farms, and screenshots of “winning” trades.
  • Low barrier: Creating a convincing-looking repo is cheap. Most bots are forks with minimal changes + hidden malware.
  • Supply-chain attacks are easy: Typosquatted npm packages, obfuscated postinstall scripts, and transitive dependencies let attackers steal keys without obvious malicious code in the main repo.
  • Social proof manipulation: Hijacked legitimate orgs (like dev-protocol), inflated engagement, and deleted warning issues create false legitimacy.
  • Real functionality as cover: Many bots actually connect to Polymarket APIs so victims don’t immediately notice the theft.

In short: If it looks too good to be true and asks for your private key or .env, it probably is.

The Latest Case: Hijacked dev-protocol Org

A verified Japanese DeFi GitHub organization (dev-protocol) was compromised around February 2026 and turned into a distribution hub for malicious Polymarket bots.

Attackers created 20+ repos (e.g. polymarket-copytrading-bot-sport and variants) with professional branding. The trap lives in package.json:

```json
"dependencies": {
  "ts-bign": "1.2.8",      // typosquat for big.js
  "big-nunber": "5.0.2"   // typosquat for bignumber.js
}
```

These pull in two malicious packages:

  • levex-refa — steals .env files, Solana id.json keypairs and config files, and exfiltrates them to Vercel-hosted C2 servers disguised as Cloudflare.
  • lint-builder — runs a postinstall script that installs a persistent SSH backdoor (chown ~/.ssh, enable ufw, open port 22).

The bot itself works perfectly against real Polymarket endpoints — perfect camouflage.

Stay paranoid. Verify everything.

Tags: #security #npm #supplychainattack #polymarket #cryptocurrency #malware #javascript #devops

What has been your experience with open-source trading bots? Have you been burned?
