NPM Supply Chain Heist: How Fake Polymarket Packages Are Draining Crypto Wallets and What You Must Do Now + Video

Listen to this Post

Featured Image

Introduction:

The npm ecosystem, the lifeblood of JavaScript development, is under siege. A sophisticated, coordinated supply chain attack has deployed over 30 malicious packages disguised as legitimate Polymarket trading tools, targeting DeFi developers and automated trading bot users. This campaign, attributed to North Korean threat actors running the “Contagious Trader” operation, uses a fake GitHub repository and typosquatted package names to deliver an infostealer capable of harvesting cryptocurrency wallet private keys, browser credentials, SSH keys, and cloud service tokens—putting millions in digital assets at risk.

Learning Objectives:

  • Identify malicious npm packages masquerading as Polymarket and DeFi tooling through typosquatting and social engineering tactics
  • Understand the multi-stage attack chain—from lure repository to postinstall payload execution
  • Implement practical detection and mitigation strategies to secure development environments against supply chain compromises

You Should Know:

  1. The Attack Chain: From GitHub Lure to Wallet Drainer

The attackers executed a textbook software supply chain compromise that began months before the first malicious package was published. On January 29, 2026, the threat actor created a GitHub repository named FrondEnt/PolymarketBTC15mAssistant—a credible-looking Polymarket trading terminal with a detailed README, proxy documentation, and an authentic commit history. This repository served as the social engineering lure, establishing legitimacy before any malicious code was ever published to npm.

The npm campaign itself was meticulously staged. On June 23, 2026, the account `haha1999` published polymarket-stake-math. The first two versions were clean, functional Kelly criterion math libraries with no install hooks. A reviewer glancing at the early release would see nothing suspicious—a legitimate utility package. Then came version 3.4.0, published minutes later, which injected a 2,255-line infostealer (collector.js) via a `postinstall` script.

The attack employed four distinct delivery techniques across ten coordinated npm maintainer accounts:

  • Dropper: Malicious code executed during package installation
  • Direct Embed: Infostealer code embedded directly in the package
  • Side-loader: Clean package that dynamically loads malicious payload from external sources
  • Self-upgrade: Package that updates itself to a malicious version post-installation

The fake GitHub repository “polymarket-arbitrage-bot” promised over $80,000 in annual profits and accumulated 36 stars and 53 forks before the scam was exposed. The instructions required users to place their Polymarket private key in a `.env` file and run npm install—at which point the malware, hidden inside a dependency called clob-client-math, would execute.

2. The Payload: What Gets Stolen and How

The second-stage infostealer, weighing in at 2,787 to 2,887 lines of JavaScript, is a comprehensive credential harvesting engine. Upon execution, it systematically exfiltrates:

  • Cryptocurrency wallets: MetaMask, Phantom, Solflare, OKX Wallet, Coinbase Wallet, TrustWallet, Backpack, and TronLink vaults
  • Browser credentials: Saved passwords and cookies from Chrome, Firefox, and Brave, parsed via SQLite queries using `sql.js`
    – Developer secrets: SSH private keys, AWS credentials, `.npmrc` tokens, .pypirc, Docker configuration, and GPG keyrings
  • Shell history: Last 10,000 lines from bash, zsh, fish, and PowerShell history files
  • Password managers: Bitwarden vaults, KeePass `.kdbx` files, and 1Password `.1pux` exports
  • Source code scanning: Regex-based extraction of private key patterns, mnemonic phrases, and API tokens from project files

The exfiltration infrastructure is equally sophisticated. The `polymarket-stake-math` package used a Vercel-hosted command-and-control (C2) server that could be hot-swapped at will. Earlier campaigns in this wave exfiltrated Ethereum private keys to Cloudflare Worker endpoints at `https://polymarketbot.polymarketdev.workers.dev/v1/wallets/keys`. The operators share C2 infrastructure across separate accounts and built their dropper from a common template.

3. Detection: How to Identify Compromised Packages

Security firm SafeDep identified the attack by looking for a simple but telling pattern: dependencies listed in `package.json` that are never actually imported or used in the source code. The fake trading bot’s `package.json` listed four dependencies, but only three—the official Polymarket SDK, ethers, and dotenv—were legitimate. The fourth, clob-client-math, was never imported anywhere in the bot’s source code.

To audit your projects, run:

 List all direct dependencies
npm list --depth=0

Check for unused dependencies (requires depcheck)
npx depcheck

Examine package.json for suspicious dependencies
cat package.json | grep -E "(polymarket|kelly|stake|math|clob|bn-lint|ts-precision)"

On Windows (PowerShell):

 List dependencies
npm list --depth=0

Check package.json for suspicious patterns
Select-String -Path package.json -Pattern "polymarket|kelly|stake|math|clob|bn-lint|ts-precision"

Flagged malicious packages identified in this campaign include:

– `polymarket-kelly-math`
– `polymarket-kit`
– `marked-prettier`
– `polymarket-kelly-stake-math` (fourth package added later)
– `clob-client-math`
– `polymarket-stake-math`
– `decimal-format-core`
– `decimal-format-utils`
– `stake-math`
– `kelly-stake`
– `bn-lint`
– `ts-precision`
– `log-taker`
– And over 20 additional packages across ten maintainer accounts

Any computer that has run `npm install` on the fake bot or any project containing these packages should be considered fully compromised.

4. Incident Response: Step-by-Step Remediation

If you suspect compromise, immediate action is critical. Security researchers emphasize that removing the package does not guarantee removal of all malicious software.

Step 1: Isolate the affected system—Disconnect from the network immediately to prevent further data exfiltration.

Step 2: Rotate all credentials from a clean computer—This is non-1egotiable. Generate new:
– Cryptocurrency wallet private keys and seed phrases
– All browser-saved passwords
– AWS credentials, SSH keys, and API tokens
– npm and PyPI tokens

Step 3: Audit package-lock.json and yarn.lock:

 Check for malicious packages in lock files
grep -E "polymarket-kelly-math|polymarket-kit|marked-prettier|polymarket-kelly-stake-math|clob-client-math" package-lock.json

On Windows
findstr "polymarket-kelly-math polymarket-kit marked-prettier" package-lock.json

Step 4: Remove malicious packages:

npm uninstall polymarket-kelly-math polymarket-kit marked-prettier clob-client-math

Step 5: Scan for persistence mechanisms—Check for unexpected cron jobs, startup items, or scheduled tasks that may have been installed by the malware.

Step 6: Run a full antivirus and anti-malware scan on the affected system.

Step 7: Consider a full system rebuild—Given the sophistication of the infostealer, the safest approach is to wipe and reinstall the operating system from trusted media.

5. Prevention: Hardening Your npm Supply Chain

The Polymarket attack highlights systemic weaknesses in the npm ecosystem. Here are practical measures to protect your development environment:

Verify package sources—All malicious packages were published by brand-1ew npm accounts with no publishing history. Before installing any package:

 Check package metadata
npm view <package-1ame> time
npm view <package-1ame> maintainers

Implement dependency auditing:

 Run npm audit to check for known vulnerabilities
npm audit

Use a security tool like Socket or SafeDep for deeper analysis
npx @socketsecurity/cli scan

Use integrity checks—Enable npm’s package integrity verification:

 Enable strict SSL and integrity checking
npm config set strict-ssl true
npm config set package-lock true

Lock dependency versions—Use exact versions in `package.json` and commit `package-lock.json` to detect unexpected changes.

Review dependencies before installation—Look for:

  • Packages with suspiciously similar names to legitimate libraries (typosquatting)
  • Dependencies that are never imported in your code
  • Packages with `postinstall` or `preinstall` scripts that execute arbitrary code

Use a private npm registry or proxy—Tools like Verdaccio or JFrog Artifactory allow you to cache and vet packages before they reach your developers.

Implement CI/CD scanning—Integrate security scanning into your pipeline to catch malicious dependencies before they reach production.

  1. The Broader Context: A Wave of Polymarket-Themed Malware

The `polymarket-kelly-math` campaign is not an isolated incident. It represents the latest entry in a sustained 2026 wave of Polymarket-themed npm malware. In May 2026, nine coordinated npm packages were published within a two-minute window by the maintainer polymarketdev, exfiltrating Ethereum private keys to a Cloudflare Worker. In April 2026, the package `[email protected]` was discovered executing four attack chains: system fingerprinting, SSH backdoor installation on Linux hosts, filesystem exfiltration, and targeted theft of Polymarket CLOB API credentials.

The attackers are exploiting the massive financial stakes involved. Polymarket has hundreds of millions in open interest, and legitimate trading bots have generated extraordinary returns—one bot turned $313 into $414,000 in a single month, while another made $2.2 million over two months. This track record makes fake bots look believable to traders chasing easy profits.

What Undercode Say:

  • Supply chain attacks are becoming the preferred vector for cryptocurrency theft—The npm ecosystem’s trust model is being systematically exploited, with attackers investing months in building credible lures before deploying malicious code. The `FrondEnt/PolymarketBTC15mAssistant` repository was created nearly five months before the npm packages appeared.

  • The “clean-first” technique is a game-changer—Publishing benign versions before injecting malware allows attackers to bypass initial scrutiny. This tactic, observed in the `polymarket-stake-math` package where the first two versions were clean, makes detection significantly harder. Security tools must monitor package version history, not just current state.

  • Social engineering remains the weakest link—The attack succeeded不是因为 technical vulnerabilities in npm, but because developers trusted a polished GitHub repository with 36 stars and 53 forks. The attackers understood that developers trust social proof—stars, forks, and detailed READMEs—more than they verify package authenticity.

  • The infostealer’s scope is alarming—The ability to harvest browser cookies, password manager vaults, SSH keys, AWS credentials, and cryptocurrency wallets from a single `npm install` demonstrates how much sensitive data resides on developer machines. This is not a targeted attack on a specific wallet; it’s a wholesale compromise of the entire development environment.

  • Remediation is expensive and disruptive—Treating a compromised system as “fully owned” and rotating every credential, from wallet keys to cloud tokens, is a massive operational burden. Organizations must invest in preventive measures—private registries, dependency scanning, and developer security training—rather than relying on reactive incident response.

Prediction:

  • -1 The npm ecosystem will continue to be a prime target for supply chain attacks, with attackers investing increasingly sophisticated social engineering campaigns. The “clean-first, malicious-later” technique will become standard operating procedure for advanced threat actors.

  • -1 DeFi platforms like Polymarket will face ongoing reputational damage as attackers weaponize their brand names. Even though these attacks target developer tooling rather than the platforms themselves, user confidence in the broader ecosystem will erode.

  • +1 The incident will accelerate adoption of software supply chain security solutions, including private package registries, automated dependency scanning, and zero-trust development environments. Organizations that previously treated npm security as an afterthought will now prioritize it.

  • -1 We can expect to see copycat attacks targeting other high-value DeFi platforms—dYdX, Uniswap, Aave, and others—as attackers replicate the Polymarket playbook. The typosquatting and social engineering techniques used here are easily adaptable.

  • +1 The security community will develop better detection tools for identifying unused dependencies and suspicious `postinstall` scripts. The simple heuristic of “dependencies listed but never imported” is a powerful signal that more tools will incorporate.

▶️ Related Video (72% Match):

https://www.youtube.com/watch?v=2ehrjxWTmlQ

🎯Let’s Practice For Free:

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

IT/Security Reporter URL:

Reported By: Hexploit Three – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky