This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis. Integrate with GitHub using vet-action GitHub Action.
Note: This report is updated by a verification record
Package contains hardcoded addresses for fund transfer without user confirmation, indicating malicious intent to steal funds.
Malicious package identified as part of the Bittensor cryptocurrency theft campaign. Contains code designed to steal Bittensor wallet credentials and funds.
Package identified as part of the Bittensor theft campaign discovered by GitLab. Part of a cryptocurrency theft operation targeting Bittensor wallets. Published at 03:02 UTC during the campaign.
The package contains hardcoded addresses in bittensor_cli/src/bittensor/extrinsics/transfer.py and bittensor_cli/src/commands/stake/add.py. In bittensor_cli/src/bittensor/extrinsics/transfer.py, the destination address is overwritten with a hardcoded address, redirecting funds. In bittensor_cli/src/commands/stake/add.py, a transfer is initiated to a hardcoded address without user confirmation (prompt=False) and with the intention to transfer the entire wallet balance (transfer_all=True). This behavior strongly suggests malicious intent to drain user funds.