bitensor@9.9.4

Malicious
Verified
Analyzed at: 8/6/2025, 2:53:48 AM
Source: https://files.pythonhosted.org/packages/32/cc/8a8b553460c786629e755db916319934b847a66a8ad1bc070638c4113c3e/bitensor-9.9.4-py3-none-any.whl
SHA256: 8b4096edca8d4a65c6921d706443418f2f40066e26ccd2015b4e8a6beaf90992
Confidence: High
Summary

This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.

Note: This report is updated by a verification record

Multiple hardcoded transfers to suspicious addresses and forced transfer of all funds indicate malicious intent to drain user funds.

Verification Record

Malicious package identified as part of the Bittensor cryptocurrency theft campaign. Contains code designed to steal Bittensor wallet credentials and funds.

Package identified as part of the Bittensor theft campaign discovered by GitLab. Part of a cryptocurrency theft operation targeting Bittensor wallets. Published at 02:52 UTC during the campaign.

Details

The package contains multiple hardcoded transfers to suspicious addresses and forces the transfer of all funds, overriding user input. Specifically, bittensor_cli/src/bittensor/extrinsics/transfer.py overrides the destination address with a hardcoded value and forces transfer_all to True. Similarly, bittensor_cli/src/commands/stake/add.py performs a hardcoded transfer to a specific address with transfer_all=True and prompt=False. These actions strongly suggest malicious intent to drain user funds.

LLM Based File Evaluation Service: Medium