The hidden threat of copy trading bots: users' private keys are at risk

Risks You Need to Be Aware of Amid the Current Copy Trading Boom Have Been Revealed. In mid-December, the security industry issued a serious warning: tools inadvertently installed when downloading Polymarket copy trading bots may contain hacker tools designed to steal private keys.

The Hidden Malicious Code on GitHub

According to a security alert shared by (CISO), Chief Information Security Officer of SlowMist Technology, some developers of Polymarket copy trading bots intentionally concealed malicious code on GitHub, a code sharing platform.

The operation of this malicious code is highly sophisticated. When a user runs the copy trading program, the system automatically detects and collects the “.env” file where the wallet’s private keys are stored. It then transmits the private keys to the hacker’s remote server, exposing the user’s assets.

Repeated Concealment as Evidence of Malicious Intent

The concerning part is that developers repeatedly modified the code to continuously disguise the malicious package. This indicates deliberate malicious intent, not mere coincidence.

CISO 23pds warned, “This is not the first time such cases have been discovered, and similar threats are likely to appear in the future,” urging users to stay vigilant. Security experts are aware that similar attack patterns have occurred multiple times and expect cybercriminals to keep trying new methods.

How Users Should Approach Copy Trading Tools

Users interested in copy trading should remember a few key points. First, only download tools from platforms with clear and verified sources. When using platforms like GitHub, thoroughly check the developer’s reputation and community reviews. Special caution should be exercised with programs handling sensitive information, such as “.env” files.

Ignoring warnings from security experts like SlowMist is unwise; always evaluate new copy trading tools with a cautious and skeptical mindset—this is the mark of a wise investor.