The editorial argues the identical playbook across three different chains (Polymarket, asterDEX, Hyperliquid) with fake-sounding quant org names indicates targeted bait aimed at retail derivatives traders. The mechanical keyword-stuffing pattern and calibrated org branding suggest organized actors planting malicious code where desperate traders will find it.
The editorial points out that trending scores in the 290-340 range are well within reach of Fiverr-adjacent star-purchasing operations, where a few hundred GitHub stars from aged accounts cost less than a Steam game. The discovery surface has no meaningful defense against this, allowing zero-history accounts to surface near the top.
The Polymarket repo's entire description and content consists of the phrase 'polymarket trading bot' repeated fifteen times followed by a trailing 'bot' — no installation instructions, no architecture, no license. The repo is its own evidence of bad-faith keyword stuffing aimed at search ranking rather than user value.
The asterDEX repo cycles 'asterDEX trading bot, perp trading, asterDEX auto trading bot' five times as its entire description. The org name is calibrated to sound like a legitimate quant lab while the content reveals pure SEO manipulation.
The Hyperliquid repo runs the same mechanical pattern, repeating 'hyperliquid trading bot, perp trading bot, hyperliquid profitable trading bot' four times. The 'Novaquant-labs' branding mimics a real quant firm to lure retail derivatives traders skimming the trending feed.
A second Polymarket-targeting repo uses the identical fifteen-times-repeated keyword playbook, confirming this is a deliberate template being deployed at scale. The duplicate pattern across different accounts and chains points to a single operator or a circulating spam kit.
The editorial notes the pattern is 'the kind of keyword stuffing a junior SEO contractor would have been fired for a decade ago' yet it's working on GitHub's discovery surface today. This implicates GitHub's trending algorithm as failing to apply basic content-quality heuristics that mainstream search engines solved years ago.
Three repositories surfaced near the top of GitHub Trending this week, all following an identical playbook. `ShinyaTomitsuka/arbitrage-trading-bot` (score 340) advertises itself as a Polymarket arbitrage bot. `SigmaTradeLabs/aster-bot` (296) targets asterDEX perp traders. `Novaquant-labs/hyperliquid-trading-bot` (295) goes after Hyperliquid users. Three different surfaces, three different fake-sounding orgs, three different chains — and three READMEs that read like SEO spam from 2011.
The READMEs aren't subtle. The Polymarket repo's description repeats the phrase "polymarket trading bot" fifteen times in a row, followed by a single trailing "bot" — no installation instructions, no code architecture, no license discussion, no contributor guide. The asterDEX repo cycles "asterDEX trading bot, perp trading, asterDEX auto trading bot" five times. The Hyperliquid one runs the same trick with "hyperliquid trading bot, perp trading bot, hyperliquid profitable trading bot" four times. The pattern is so mechanical it's almost insulting — it's the kind of keyword stuffing a junior SEO contractor would have been fired for a decade ago, and it's working on GitHub's discovery surface in 2026.
None of these accounts has meaningful history. The org names — "SigmaTradeLabs," "Novaquant-labs" — are calibrated to sound like real quant shops to a retail trader skimming a feed at midnight. The trending scores in the 290-340 range are well within reach of star-purchasing services that have been operating openly on Fiverr-adjacent marketplaces, where a few hundred GitHub stars from aged accounts cost less than a Steam game.
The interesting thing isn't that someone is gaming GitHub Trending — that's been a known issue for years. The interesting thing is who the bait is targeting and what's almost certainly inside the code. This is no longer generic crypto-adjacent spam; it's a targeted supply-chain attack on retail derivatives traders, distributed through a channel that developers reflexively trust.
Polymarket, asterDEX, and Hyperliquid share a profile: high-volatility venues popular with retail users who are technical enough to clone a repo and run a Python script, but not technical enough to audit one. A "profitable trading bot" on Hyperliquid is exactly the dream these users came in chasing. The pattern from prior campaigns in this space is consistent — the code does one of three things: it asks for an API key with withdrawal permissions and drains the wallet, it ships an obfuscated dependency that exfiltrates `~/.config` directories and browser keychains, or it routes orders through an attacker-controlled relay that front-runs the user's own trades. Each of these has been documented in the wild against earlier crypto-bot waves; we have no reason to believe these three are the exception.
The second-order problem is downstream of GitHub itself. Trending is now an input to a dozen developer-facing products — IDE "discover" panels, newsletter scrapers, AI coding assistants that recommend libraries, even GitHub's own Copilot suggestions in certain contexts. When the ranking gets gamed, every system built on top of it inherits the compromise. A junior dev asking their AI assistant "what's a good Hyperliquid bot to start from" in six months may get one of these repos cited by name, with the implied authority of "this was trending on GitHub."
The community response has been muted, which is the most telling signal. There's no GitHub blog post about Trending integrity. There's no obvious abuse-reporting workflow that resolves in hours instead of weeks. Compare this to npm, which now ships Sigstore attestations and provenance metadata by default — GitHub's discovery layer is still operating on raw star counts and recency, the same primitives it shipped in 2013.
If you operate any system that ingests GitHub Trending as a signal — a tools directory, a newsletter, an internal Slack bot that surfaces "hot repos," an AI training pipeline — treat Trending as adversarial input, not editorial signal, and gate it on at least one independent quality check before surfacing it to humans. Useful filters: minimum repo age (90 days), commit history depth (more than one author with non-trivial commits), README structure (presence of an actual usage section, not just keyword bingo), and the absence of obvious red flags like keyword repetition above a threshold or org names that match the "$adjective-$labs" template.
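One way to implement those gating filters, as an added example that is not code from the editorial or from any project it names: a Python check that scores an ingested repo record against the age, author-count, README-structure, keyword-repetition and org-name heuristics. The record field names, the two sample repositories, the 0.2 repetition threshold and the org-name regex are all my assumptions.

```python
import re
from collections import Counter
from datetime import date

# Constructed sample records (field names are an assumption, not GitHub's API).
TODAY = date(2026, 3, 20)
SPAM = {
    "full_name": "Novaquant-labs/hyperliquid-trading-bot",
    "created": date(2026, 3, 1),
    "authors": 1,  # distinct authors with non-trivial commits
    "readme": ", ".join(["hyperliquid trading bot, perp trading bot, "
                         "hyperliquid profitable trading bot"] * 4),
}
LEGIT = {  # hypothetical well-formed project, constructed for contrast
    "full_name": "example-dex/market-maker",
    "created": date(2024, 6, 1),
    "authors": 4,
    "readme": "# market-maker\n\nA market-making bot.\n\n## Installation\n\n"
              "pip install -e .\n\n## Usage\n\nExport a trade-only API key, "
              "then run `python -m mm --dry-run`.\n\n## License\n\nMIT\n",
}
# Rough stand-in for the "$adjective-$labs" org-name template (assumption).
LABS_TEMPLATE = re.compile(r"^[a-z]+-?labs$", re.IGNORECASE)

def keyword_repetition(text, n=2):
    """Share of all n-grams taken by the single most frequent one (0..1)."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    grams = [" ".join(words[i:i + n]) for i in range(len(words) - n + 1)]
    if not grams:
        return 1.0  # an empty README is maximally suspicious
    return Counter(grams).most_common(1)[0][1] / len(grams)

def has_usage_section(readme):
    """True if the README has a real Usage/Installation heading."""
    return re.search(r"^#+\s*(usage|installation|getting started)\b",
                     readme, re.IGNORECASE | re.MULTILINE) is not None

def red_flags(repo, today=TODAY, min_age_days=90, min_authors=2, max_rep=0.2):
    """Failed checks in order; an empty list means the repo may be surfaced."""
    flags = []
    if (today - repo["created"]).days < min_age_days:
        flags.append("repo_age")
    if repo["authors"] < min_authors:
        flags.append("single_author")
    if not has_usage_section(repo["readme"]):
        flags.append("no_usage_section")
    if keyword_repetition(repo["readme"]) > max_rep:
        flags.append("keyword_stuffing")
    if LABS_TEMPLATE.match(repo["full_name"].split("/")[0]):
        flags.append("labs_template_org")
    return flags
```

The keyword-stuffed sample trips every check, while the well-formed one passes; an aggregator would surface only records for which `red_flags` returns an empty list.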
For your own workflow: if you're cloning a trading bot, a crypto tool, or anything that touches credentials or signing keys, the cost of a fresh dedicated machine or VM is now lower than the cost of one compromised seed phrase. Run it in isolation, never on your daily-driver developer machine with your SSH keys, your AWS profile, and your browser keychain sitting on the same disk. This isn't paranoia; it's the same threat model the npm and PyPI ecosystems formalized two years ago when typosquatting became routine.
For team leads, this is also a teaching moment for juniors who have grown up trusting GitHub the way an earlier generation trusted Stack Overflow's top answer. The star count is a popularity metric, not a quality metric, and on a long enough timeline every popularity metric without skin-in-the-game cost gets arbitraged. Build the muscle to read a repo's commit graph, contributor list, and dependency tree before you `git clone` anything that's going to touch money or secrets.
GitHub will eventually ship some form of Trending hardening — provenance scoring, account-age weighting, or active de-ranking of obvious spam patterns — because the alternative is letting an entire class of attack persist on the front page of the world's largest code host. Until then, the burden is on consumers of the signal: every aggregator, IDE, AI assistant, and human dev who looks at Trending needs to treat it the way a smart trader treats unverified alpha from a Telegram group. Useful as a lead, never as a conclusion.