Malicious Polymarket Bot Hides in Hijacked dev-protocol GitHub Org and Steals Wallet Keys

The StepSecurity threat intelligence team discovered that the dev-protocol GitHub organization, a verified account with 568 followers belonging to a legitimate Japanese DeFi project, has been compromised. Attackers are using the hijacked organization to distribute malicious Polymarket trading bots designed to steal wallet keys. This supply chain attack leverages the trust and credibility of the legitimate organization to distribute malware targeting cryptocurrency users. The incident highlights the risks of supply chain attacks through compromised development platforms and repositories.