Security firm warns of private key theft from fake trading bots
July 01, 2026, 9:36 AM
Blockchain security firm SlowMist announced it has discovered an attack that steals cryptocurrency wallet information and private keys through fake trading bot repositories. In a post on X, SlowMist warned that installing developer packages disguised as legitimate programs can lead to the theft of sensitive data, including browser cookies, saved passwords, developer account information, mnemonic phrases, and API tokens. The firm advised that anyone who has installed a suspicious package should consider their device compromised. It recommended reissuing all credentials—such as wallets, private keys, npm tokens, and SSH keys—and rebuilding the development environment in a clean setting.