Blockchain Developer’s MetaMask Wallet Emptied in Deceptive Job Interview

A blockchain developer, Murat Çeliktepe, has shared a distressing account of a holiday experience that resulted in the loss of $500 from his MetaMask wallet to an individual posing as a ‘recruiter.’

Notably, Çeliktepe was initially contacted on LinkedIn under the pretense of a genuine web development job opportunity.

Developer Falls Prey to Coding Job Scam

During the purported job interview, the recruiter instructed Çeliktepe to download and debug the code from two npm packages, namely “web3_nextjs” and “web3_nextjs_backend,” both hosted on a GitHub repository.

Unfortunately, shortly after complying with the instructions, the developer discovered that his MetaMask wallet had been depleted, with more than $500 fraudulently withdrawn from his account.

The Upwork job listing requests applicants to “fix bugs and responsiveness [sic] on website” and claims to offer an hourly payment between $15 and $20 for a task expected to be completed in less than a month.

Intrigued by the opportunity, Çeliktepe, who prominently displays an “#OpenToWork” tag on his LinkedIn profile picture, decided to take on the challenge. He downloaded the GitHub repositories the recruiter provided as part of the “tech interview.”

Technical interviews often involve take-home exercises or proof-of-concept (PoC) assignments, including tasks such as writing or debugging code. This makes the offer particularly convincing, even for individuals with technical expertise, such as developers.

It’s worth noting that the applications found in the mentioned GitHub repositories [1, 2] are valid npm projects, as evidenced by their format and the presence of the package.json manifest. However, these projects do not seem to have been published on npmjs.com, the largest open-source registry for JavaScript projects.
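A package.json manifest like the ones mentioned above can be reviewed before anything in an unfamiliar repository is installed or run. The following is an added example, not code from the article or from the repositories it describes: it lists the scripts npm would run automatically during `npm install` and the dependencies fetched from outside the registry. The sample manifest is constructed, and the article does not establish which mechanism was used in this incident.

```javascript
// Added example: static review of an untrusted package.json. Nothing is executed.
// Lifecycle scripts npm runs on its own during `npm install` in a project directory.
const AUTO_RUN = ["preinstall", "install", "postinstall", "prepublish",
                  "preprepare", "prepare", "postprepare"];
// Dependency specs that bypass the npm registry: git, URL, tarball, shorthand, local path.
const NON_REGISTRY =
  /^(git(\+\w+)?:|https?:|file:|github:|gitlab:|bitbucket:|[\w.-]+\/[\w.-]+(#.*)?$)/i;
const DEP_FIELDS = ["dependencies", "devDependencies",
                    "optionalDependencies", "peerDependencies"];

function reviewManifest(manifest) {
  const findings = [];
  for (const [name, cmd] of Object.entries(manifest.scripts || {})) {
    // Auto-run scripts fire during install; the rest run only when typed
    // (e.g. `npm run dev`), but still execute with the user's privileges.
    const kind = AUTO_RUN.includes(name) ? "auto-run-script" : "manual-script";
    findings.push({ kind, name, detail: cmd });
  }
  for (const field of DEP_FIELDS) {
    for (const [dep, spec] of Object.entries(manifest[field] || {})) {
      if (NON_REGISTRY.test(spec)) {
        findings.push({ kind: "non-registry-dependency", name: dep, detail: spec });
      }
    }
  }
  return findings;
}

// Constructed sample manifest (hypothetical names, not taken from the incident).
const sampleManifest = {
  name: "constructed-interview-task",
  scripts: { dev: "next dev", postinstall: "node scripts/setup.js" },
  dependencies: {
    next: "^13.4.0",
    "ui-helpers": "github:example-user/ui-helpers",
  },
};

for (const f of reviewManifest(sampleManifest)) {
  console.log(`${f.kind}: ${f.name} -> ${f.detail}`);
}
```

Running `npm install --ignore-scripts` skips the auto-run entries, but scripts started by hand and any code the project imports still run as the current user, so an isolated VM or container without wallet or browser profiles remains the safer place for take-home code.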

Community Steps Up to Unravel Attack’s Mystery

After sharing his unfortunate experience on social media, Çeliktepe reached out to the community for assistance in understanding the mechanics of the attack. Despite scrutinizing the code within the GitHub repositories, he remains uncertain about the method used to breach his MetaMask wallet, as he did not store his wallet recovery phrase on his machine.

In response to Çeliktepe’s plea for help, the community rallied with genuine support, alongside opportunistic crypto bots offering assistance. Unfortunately, scam accounts also emerged, enticing him to connect with fraudulent “MetaMask support” Gmail addresses and Google forms.

Insights from the community suggest that the npm projects executed by Çeliktepe might have allowed the attacker to deploy a reverse shell, potentially exposing vulnerabilities on the developer’s machine.

Other theories proposed by community members include the possibility that, instead of infecting the developer’s machine with malware, the illicit npm project might have copied passwords from a web browser with auto-fill enabled.

Additionally, some speculate that the code voluntarily run during the “tech interview” might have intercepted his network traffic, contributing to the security breach.
