Wed. May 22nd, 2024
crypto scam

Summary:

  • Web developer falls victim to a scam while responding to a job opportunity on LinkedIn.
  • Scammer uses malicious JavaScript packages during a fake interview to steal crypto from the developer’s MetaMask wallet.
  • Community comes together to analyze the attack’s mechanics and provide support.

The Story:

The LinkedIn Lure

In the vast landscape of LinkedIn opportunities, web developer Murat Çeliktepe stumbled upon what seemed like a genuine job offer. Little did he know, this encounter would lead him into the tangled web of a crypto scam.

The Scam Unfolds

Under the guise of a legitimate web development job, the scammer directed Çeliktepe to download and debug code from GitHub repositories—specifically, npm packages named “web3_nextjs” and “web3_nextjs_backend.” What appeared to be a routine tech interview turned sinister as Çeliktepe found his MetaMask wallet drained of over $500 after executing the tasks.

The Suspicious Job Listing

The Upwork job listing, claiming to offer an hourly payment between $15 and $20, requested applicants to “fix bugs and responsiveness on website.” An enticing opportunity that eventually led Çeliktepe down a perilous path.

Community Comes to the Rescue

After sharing his ordeal on social media, Çeliktepe sought help from the crypto community. Genuine support poured in, but so did scam accounts posing as “MetaMask support.” Despite scrutinizing the GitHub repositories, the exact method of the attack remains elusive.

Unraveling the Mystery

As the community delved into the code, theories emerged. The npm projects might have allowed the attacker to deploy a reverse shell, exposing vulnerabilities. Other speculations include password interception from auto-filled browsers and network traffic interception during the “tech interview.”

Conclusion:

Çeliktepe’s cautionary tale sheds light on the deceptive tactics used in crypto job scams. The incident calls for heightened awareness within the community and serves as a reminder to approach online opportunities with diligence. Stay vigilant, and together, we can outsmart the scammers lurking in the shadows of the crypto landscape. 💡🕵️‍♂️

By Julia

Related Post