Blockchain Developer Falls Victim to Coding Job Scam
A blockchain developer named Murat Çeliktepe recently shared a distressing incident in which he lost $500 from his MetaMask wallet to a scammer posing as a recruiter. The scam began when Çeliktepe was contacted on LinkedIn about a web development job opportunity.
Instructions to Download and Debug Code Lead to Loss
During what seemed like a legitimate job interview, the recruiter instructed Çeliktepe to download and debug code from two npm packages on GitHub. However, after following these instructions, Çeliktepe discovered that his MetaMask wallet had been drained of over $500.
Deceptive Job Listing and Tempting Opportunity
The job listing on Upwork asked for bug fixes and offered an hourly payment of $15 to $20. Intrigued by the opportunity, Çeliktepe decided to take on the challenge. He downloaded the GitHub repositories provided by the recruiter as part of the “tech interview.”
The Convincing Nature of Technical Interviews
Technical interviews often involve tasks like code writing or debugging, making them convincing for individuals with technical expertise. This made the offer appear legitimate even to someone like Çeliktepe, who is an experienced developer.
GitHub Projects and Their Validity
The npm projects found in the GitHub repositories provided by the recruiter are valid, as indicated by their format and the presence of package.json manifest files. However, these projects do not appear to have been published on npmjs.com.
Community Support and Attempted Unraveling of the Attack
After sharing his experience on social media, Çeliktepe reached out to the community for help in understanding how the attack occurred. The community provided support and theories, including the possibility of a reverse shell being deployed through the npm projects or passwords being copied from a web browser.
Hot Take: Be Cautious of Job Opportunities and Code Downloads
This incident serves as a reminder to be cautious when encountering job opportunities and downloading code from unknown sources. Always thoroughly vet recruiters and employers, and be wary of any instructions that involve accessing personal accounts or wallets. It’s important to prioritize security and protect your assets in the crypto world.
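One way to review a downloaded npm project before running npm install, as an added example that is not from the article or from the repositories it describes: it lists the scripts npm would run automatically at install time and any dependencies fetched from outside the npm registry. The article does not establish how the wallet was drained, so these checks are an assumption about what to review, and the sample manifest is constructed.

```javascript
// Added example: static review of a package.json before `npm install` is run.
// Hooks npm executes automatically when a project is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];
// Dependency specs that resolve outside the npm registry (git, URL, local path).
const NON_REGISTRY = /^(git\+|git:|https?:|github:|gitlab:|bitbucket:|file:|link:)/i;
const GITHUB_SHORTHAND = /^[\w.-]+\/[\w.-]+(#.+)?$/; // e.g. "user/repo#branch"
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

function auditManifest(manifestText) {
  let manifest;
  try {
    manifest = JSON.parse(manifestText);
  } catch (err) {
    return [{ kind: "invalid-manifest", name: "package.json", detail: err.message }];
  }
  if (manifest === null || typeof manifest !== "object") {
    return [{ kind: "invalid-manifest", name: "package.json", detail: "not an object" }];
  }
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (typeof scripts[hook] === "string") {
      findings.push({ kind: "install-hook", name: hook, detail: scripts[hook] });
    }
  }
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      const offRegistry = NON_REGISTRY.test(spec) || GITHUB_SHORTHAND.test(spec);
      if (typeof spec === "string" && offRegistry) {
        findings.push({ kind: "non-registry-dependency", name, detail: spec });
      }
    }
  }
  return findings;
}

// Constructed sample manifest (not taken from the repositories in the article).
const SAMPLE_MANIFEST = JSON.stringify({
  name: "interview-task",
  version: "1.0.0",
  scripts: { start: "node index.js", postinstall: "node scripts/setup.js" },
  dependencies: { express: "^4.18.2", "helper-lib": "github:example-user/helper-lib" },
});

for (const f of auditManifest(SAMPLE_MANIFEST)) {
  console.log(`${f.kind}: ${f.name} -> ${f.detail}`);
}
```

Each finding is a prompt to read the referenced script or dependency source before anything is executed; an empty result does not show the project is safe, since code run later by start or test scripts is not covered.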