Supply-chain threat intelligence
Risk score: 92
Indexed incident for polymarket-clob-maths (npm).
Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-clob-maths uses a dropper technique: a postinstall hook fetches a remote bundle from trabalhos-flax.vercel.app and executes a syncSession() function that runs a second-stage infostealer. The payload harvests cryptocurrency wallet vaults, browser credentials, SSH keys, AWS credentials, developer secrets, and password manager databases, then exfiltrates the data to the attacker-controlled C2.