gdex-trading

Warn

Audited by Socket on Mar 3, 2026

2 alerts found:

Anomaly x2

Anomaly LOW
HYPERLIQUID_DEPOSIT.md

This file is documentation and example usage, not implementation code. It does not itself contain malware, but it instructs users to provide raw private keys to an SDK and to store secrets in .env, which is a high-risk practice: if the SDK or its backend is malicious or compromised, it could sign and send unauthorized transactions. Recommend treating the SDK as untrusted until its source and behavior are audited, keeping private keys out of environment files, and using external signing methods (hardware wallet or remote signer).

Confidence: 90%
Severity: 60%

Anomaly LOW
README.md

This document is a README describing a trading bot and custodial deposit flow. It contains risky operational guidance: hardcoded example API keys and instructions to send funds to operator-controlled custodial addresses (same EVM address across chains). Those patterns present significant financial and trust risks — users surrender custody and may lose funds if the operator or backend is malicious or compromised. From this README alone there is no definitive code-level malware, but the custodial deposit design and published example credentials are dangerous in practice. Recommend: do NOT send funds to custodial addresses without auditing the codebase (src/*.ts), the gdex.pro-sdk, and the remote service operators; remove or rotate any example API keys; and require decentralized user-controlled custody patterns or audited smart contracts before depositing real funds.

Confidence: 80%
Severity: 65%

Audit Metadata
Analyzed At: Mar 3, 2026, 12:13 PM
Package URL: pkg:socket/skills-sh/gemachdao%2Fgdex-trading-%2Fgdex-trading%2F@45dbbfe2ea95c45b77dcb2d41f2dbee32ee3ac1c