The real story of why you should be vigilant about job offers.
Recently, Turkish blockchain developer Murat Celiktepe told the world about a new scam scheme that he personally got into while communicating with a "recruiter" on LinkedIn.
Celiktepe, who is currently actively looking for a job, noted this fact on his LinkedIn profile and soon received a job offer through the Upwork platform, which looked quite real and legitimate.
As part of the "technical interview", the recruiter asked Celiktepe to download and debug the code from two npm packages — "web3_nextjs" and "web3_nextjs_backend", hosted in the GitHub repository.
According to the instructions provided, the developer cloned both GitHub repositories and started debugging his instance to find the problem, while running both front-end and back-end applications locally on his computer.
After completing the task, the man attended an online meeting with the person who contacted him on LinkedIn and explained the solution. It turned out that Celiktepe coped brilliantly with the task, which he was very happy about. At least until he noticed that his MetaMask wallet with some amount of Ethereum cryptocurrency was completely emptied. The developer lost about $ 538 in an unknown way.
Celiktepe asked the community for help to understand the attack mechanism. Some experts suggested that the attacker could have used a reverse shell to access the developer's machine by opening port 5000. Other theories suggest that malicious code may have copied passwords from a web browser or intercepted network traffic.
However, Celiktepe says that he never stored the secret recovery phrase for the MetaMask wallet on his computer and therefore does not understand how attackers were able to break into his crypto account in the first place, even if they managed to gain access to his computer.
Whatever the attack vector, Celiktepe is far from the only one who was subjected to such fraudulent manipulations by the same "recruiter".
Therefore, web developers and security researchers should be wary of fake job offers on platforms like Upwork, as this can be fraudulent. And any technical tasks, no matter how harmless they may seem, are best performed on a VM that is separate from the main device.
This incident serves as a reminder that even experienced developers can easily become victims of fraud, because few people expect a trick when completing a test task for employment.
Recently, Turkish blockchain developer Murat Celiktepe told the world about a new scam scheme that he personally got into while communicating with a "recruiter" on LinkedIn.
Celiktepe, who is currently actively looking for a job, noted this fact on his LinkedIn profile and soon received a job offer through the Upwork platform, which looked quite real and legitimate.
As part of the "technical interview", the recruiter asked Celiktepe to download and debug the code from two npm packages — "web3_nextjs" and "web3_nextjs_backend", hosted in the GitHub repository.
According to the instructions provided, the developer cloned both GitHub repositories and started debugging his instance to find the problem, while running both front-end and back-end applications locally on his computer.
After completing the task, the man attended an online meeting with the person who contacted him on LinkedIn and explained the solution. It turned out that Celiktepe coped brilliantly with the task, which he was very happy about. At least until he noticed that his MetaMask wallet with some amount of Ethereum cryptocurrency was completely emptied. The developer lost about $ 538 in an unknown way.
Celiktepe asked the community for help to understand the attack mechanism. Some experts suggested that the attacker could have used a reverse shell to access the developer's machine by opening port 5000. Other theories suggest that malicious code may have copied passwords from a web browser or intercepted network traffic.
However, Celiktepe says that he never stored the secret recovery phrase for the MetaMask wallet on his computer and therefore does not understand how attackers were able to break into his crypto account in the first place, even if they managed to gain access to his computer.
Whatever the attack vector, Celiktepe is far from the only one who was subjected to such fraudulent manipulations by the same "recruiter".
Therefore, web developers and security researchers should be wary of fake job offers on platforms like Upwork, as this can be fraudulent. And any technical tasks, no matter how harmless they may seem, are best performed on a VM that is separate from the main device.
This incident serves as a reminder that even experienced developers can easily become victims of fraud, because few people expect a trick when completing a test task for employment.
