{"campaign":{"name":"Crypto Wallet Drainers","slug":"crypto-wallet-drainers","href":"/ti/campaigns/crypto-wallet-drainers","description":"npm packages using Polymarket and DeFi trading lures to steal cryptocurrency wallet private keys and drain victim funds.","objective":"Steal cryptocurrency wallet keys and drain victim funds.","aliases":[],"discovered_at":"2026-04-29"},"packages":[{"ecosystem":"npm","name":"redeem-onchain-sdk","href":"/ti/packages/npm/redeem-onchain-sdk","threat_types":["crypto_drainer"],"versions":["1.0.0"]},{"ecosystem":"npm","name":"polymarket-trading-cli","href":"/ti/packages/npm/polymarket-trading-cli","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"]},{"ecosystem":"npm","name":"polymarket-terminal","href":"/ti/packages/npm/polymarket-terminal","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"]},{"ecosystem":"npm","name":"polymarket-trade","href":"/ti/packages/npm/polymarket-trade","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"]},{"ecosystem":"npm","name":"polymarket-auto-trade","href":"/ti/packages/npm/polymarket-auto-trade","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"]},{"ecosystem":"npm","name":"polymarket-copy-trading","href":"/ti/packages/npm/polymarket-copy-trading","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"]},{"ecosystem":"npm","name":"polymarket-bot","href":"/ti/packages/npm/polymarket-bot","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"]},{"ecosystem":"npm","name":"polymarket-claude-code","href":"/ti/packages/npm/polymarket-claude-code","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"]},{"ecosystem":"npm","name":"polymarket-ai-agent","href":"/ti/packa
ges/npm/polymarket-ai-agent","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"]},{"ecosystem":"npm","name":"polymarket-trader","href":"/ti/packages/npm/polymarket-trader","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"]}],"indicators":[{"kind":"ipv4","value":"18.208.244.120","href":"/ti/ioc/ipv4/18.208.244.120","context":"IP address indicator from blog post"},{"kind":"md5","value":"0123456789abcdef0123456789abcdef","href":"/ti/ioc/md5/0123456789abcdef0123456789abcdef","context":"MD5 hash from blog post; the value is the sequential hex pattern 0123456789abcdef repeated, which looks like a placeholder rather than a real digest, so verify it against the source report before using it for detection"},{"kind":"domain","value":"polymarketbot.polymarketdev.workers.dev","href":"/ti/ioc/domain/polymarketbot.polymarketdev.workers.dev","context":"Network indicator from blog post; match the full hostname only, because workers.dev is a shared Cloudflare Workers domain"},{"kind":"sha256","value":"e01b85c1437085a519217338fe4ee5ed7858c28a10f8c1477b2f1857c3386edb","href":"/ti/ioc/sha256/e01b85c1437085a519217338fe4ee5ed7858c28a10f8c1477b2f1857c3386edb","context":"SHA-256 hash from blog post"},{"kind":"email","value":"dmtnatpepes@proton.me","href":"/ti/ioc/email/dmtnatpepes@proton.me","context":"Email indicator from blog post"}],"ttps":[{"name":"Supply Chain Compromise: Compromise Software Dependencies and Development Tools","mitre_attack_id":"T1195.001","href":"/ti/ttps/T1195.001"},{"name":"Command and Scripting Interpreter: JavaScript","mitre_attack_id":"T1059.007","href":"/ti/ttps/T1059.007"},{"name":"Exfiltration Over C2 Channel","mitre_attack_id":"T1041","href":"/ti/ttps/T1041"},{"name":"Unsecured Credentials: Private Keys","mitre_attack_id":"T1552.004","href":"/ti/ttps/T1552.004"},{"name":"Unsecured Credentials: Credentials In Files","mitre_attack_id":"T1552.001","href":"/ti/ttps/T1552.001"},{"name":"Application Layer Protocol: Web Protocols","mitre_attack_id":"T1071.001","href":"/ti/ttps/T1071.001"},{"name":"Web Service","mitre_attack_id":"T1102","href":"/ti/ttps/T1102"},{"name":"Event Triggered 
Execution","mitre_attack_id":"T1546","href":"/ti/ttps/T1546"}],"related_campaigns":[],"reports":[{"title":"Malicious redeem-onchain-sdk npm Targets Crypto Wallets","url":"https://safedep.io/redeem-onchain-sdk-polymarket-npm-malware","published_at":"2026-04-29"},{"title":"Polymarket npm Packages Steal Crypto Wallet Keys","url":"https://safedep.io/malicious-polymarket-npm-crypto-wallet-drainer","published_at":"2026-05-21"}]}