Supply-chain threat intelligence
Risk score
92
Indexed incident for polymarket-trading-developer-tools (npm).
Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign targeting Polymarket developers. polymarket-trading-developer-tools uses a dropper technique: a postinstall hook downloads configuration from pm-trading-dev-tools-be.vercel.app and exfiltrates data to the shared C2 polymarket-clob-service.vercel.app. The payload harvests cryptocurrency wallet vaults, browser credentials, SSH keys, AWS credentials, developer secrets, shell history, and password manager databases.
Affected versions
Indicators
Timeline