慢雾 CISO：警惕某 Polymarket 跟单交易机器人程序中隐藏恶意代码窃取私钥

链捕手

Dec 21, 2025

ChainCatcher 消息，慢雾科技首席信息安全官 23pds 在 X 平台转发社区用户推文显示，某 Polymarket 跟单交易机器人程序开发者在 GitHub 代码中隐藏恶意代码，启动程序会自动读取用户的 “.env” 文件（里面有钱包私钥），然后把私钥发送到黑客服务器并窃取私钥，导致资金被盗，该程序作者反复修改并多次在 GitHub 上提交代码，故意隐藏恶意包。23pds 表示，需警惕这种方式，“不是第一次，也不会是最后一次”。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2593123631"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"isCrawlerRequest":true,"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2593123631\",edition:\"fundamental\",auth_exemption:1,,,undefined,":{"share":"https://ttm.financial/m/news/2593123631?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2025-12-21 11:36","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2593123631","market":"sh","top_or_hot":-1,"title":"慢雾 CISO：警惕某 Polymarket 跟单交易机器人程序中隐藏恶意代码窃取私钥","media":"链捕手","content":"<html><body><p>ChainCatcher 消息，慢雾科技首席信息安全官 23pds 在 X 平台转发社区用户推文显示，某 Polymarket 跟单交易机器人程序开发者在 GitHub 代码中隐藏恶意代码，启动程序会自动读取用户的 “.env” 文件（里面有钱包私钥），然后把私钥发送到黑客服务器并窃取私钥，导致资金被盗，该程序作者反复修改并多次在 GitHub 上提交代码，故意隐藏恶意包。23pds 表示，需警惕这种方式，“不是第一次，也不会是最后一次”。</p></body></html>","source":null,"html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>慢雾 CISO：警惕某 Polymarket 跟单交易机器人程序中隐藏恶意代码窃取私钥</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\n慢雾 CISO：警惕某 Polymarket 跟单交易机器人程序中隐藏恶意代码窃取私钥\n</h2>\n\n<h4 class=\"meta\">\n\n\n<a class=\"head\" href=\"https://laohu8.com/wemedia/1041503808\">\n\n\n<div class=\"h-thumb\" style=\"background-image:url(https://community-static.tradeup.com/news/64f0784cc29a0d0070f6e968ef6ec7f5);background-size:cover;\"></div>\n\n<div class=\"h-content\">\n<p class=\"h-name\">链捕手 </p>\n<p class=\"h-time\">2025-12-21 11:36</p>\n</div>\n\n</a>\n\n\n</h4>\n\n</header>\n<article>\n<html><body><p>ChainCatcher 消息，慢雾科技首席信息安全官 23pds 在 X 平台转发社区用户推文显示，某 Polymarket 跟单交易机器人程序开发者在 GitHub 代码中隐藏恶意代码，启动程序会自动读取用户的 “.env” 文件（里面有钱包私钥），然后把私钥发送到黑客服务器并窃取私钥，导致资金被盗，该程序作者反复修改并多次在 GitHub 上提交代码，故意隐藏恶意包。23pds 表示，需警惕这种方式，“不是第一次，也不会是最后一次”。</p></body></html>\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"BK4134","symbol_name":"信息科技咨询与其它服务","start_time":0,"source_url":"https://www.chaincatcher.com/article/2231454","article_id":"2593123631","we_media_id":"1041503808","thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2593123631","pubTimestamp":1766288204,"columns":[],"sourceInfo":null,"weMediaInfo":{"media_name":"链捕手","introduction":"链捕手ChainCatcher 成立于 2018 年，是一家领先的中文 Web3 媒体及数据服务商。","home_visible":1,"id":"1041503808","head_image":"https://community-static.tradeup.com/news/64f0784cc29a0d0070f6e968ef6ec7f5"},"summary":" ChainCatcher 消息，慢雾科技首席信息安全官 23pds 在 X 平台转发社区用户推文显示，某 Polymarket 跟单交易机器人程序开发者在 GitHub 代码中隐藏恶意代码，启动程序会自动读取用户的 “.env” 文件（里面有钱包私钥），然后把私钥发送到黑客服务器并窃取私钥，导致资金被盗，该程序作者反复修改并多次在 GitHub 上提交代码，故意隐藏恶意包。23pds 表示，需警惕这种方式，“不是第一次，也不会是最后一次”。 ","collect":0,"end_time":0,"defaultTopTitle":"","property":[],"viewcount":null,"language":"zh","relate_stocks":{"BK4134":"信息科技咨询与其它服务","CISO":"CISO Global"},"translate_title":"Slow Fog CISO: Beware of hidden malicious code in a Polymarket copy trading robot program to steal private keys","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"CISO":1.5},"content_text":"ChainCatcher 消息，慢雾科技首席信息安全官 23pds 在 X 平台转发社区用户推文显示，某 Polymarket 跟单交易机器人程序开发者在 GitHub 代码中隐藏恶意代码，启动程序会自动读取用户的 “.env” 文件（里面有钱包私钥），然后把私钥发送到黑客服务器并窃取私钥，导致资金被盗，该程序作者反复修改并多次在 GitHub 上提交代码，故意隐藏恶意包。23pds 表示，需警惕这种方式，“不是第一次，也不会是最后一次”。","kind":"highlight","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"-1","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"need_auth":false,"code":"91000000","status":"200"}}}