bitensor@9.9.5

Malicious
Verified
Analyzed at: 8/6/2025, 3:16:03 AM
Source: https://files.pythonhosted.org/packages/f8/2f/8fc849c4ef3f449f510f09fc7f8db8b9206f7412528abd44000b20951c96/bitensor-9.9.5-py3-none-any.whl
SHA256: f0e0b7da2363a8ac206d19029ace4d7e579d20c327fa737117ae5804f68bc3b5
Confidence: High
Summary

This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis.

Note: This report is updated by a verification record

The package contains malicious code that transfers all funds to a hardcoded address before staking, effectively draining the user's wallet.

Verification Record

Malicious package identified as part of the Bittensor cryptocurrency theft campaign. Contains code designed to steal Bittensor wallet credentials and funds.

Package identified as part of the Bittensor theft campaign discovered by GitLab. Part of a cryptocurrency theft operation targeting Bittensor wallets. Published at 03:15 UTC during the campaign.

Details

The package bitensor version 9.9.5 contains malicious code that transfers funds to a hardcoded address. The file bittensor_cli/src/bittensor/extrinsics/transfer.py overwrites the destination address with a hardcoded value, redirecting all transfers to 5FjgkuPzAQHax3hXsSkNtue8E7moEYjTgrDDGxBvCzxc1nqR. Furthermore, the stake_add function in bittensor_cli/src/commands/stake/add.py calls transfer_extrinsic with transfer_all=True to the same hardcoded address before staking, effectively draining the user's wallet. These behaviors strongly indicate malicious intent.

Suspicious Transfer Extrinsic
LLM Based File Evaluation Service
Medium