Blockchain Developer's Wallet Emptied in "Job Interview"

[vtqhtr413]

Content source

https://www.bleepingcomputer.com/news/security/blockchain-devs-wallet-emptied-in-job-interview-using-npm-package/

Antalya-based Murat Çeliktepe, a blockchain and web developer, shared this week how he was approached by a "recruiter" on LinkedIn with an Upwork job posting that looked legitimate. As a part of the job interview, the recruiter asked Çeliktepe to download and debug the code in two npm packages—"web3_nextjs" and "web3_nextjs_backend" hosted on a GitHub repository. However, moments later, the developer discovered that his MetaMask wallet had been drained—with upwards of $500 siphoned out of his account, based on the information seen by BleepingComputer.

The Upwork job posting asks the applicant to "fix bugs and responsiveness on website" and claims to pay between $15 and $20 hourly for a task expected to take under a month.

Çeliktepe, whose LinkedIn profile picture bears the "#OpenToWork" tag, decided to give this challenge a go and downloaded the GitHub repositories shared by the recruiter, as a part of the "tech interview." It isn't unusual for legitimate tech interviews to involve some kind of take-home exercise or proof-of-concept (PoC) assignment involving code writing or debugging, which makes the lure highly convincing even for technically savvy people, like developers.

Blockchain dev's wallet emptied in "job interview" using npm package

A blockchain developer shares his ordeal over the holidays when he was approached on LinkedIn by a "recruiter" for a web development job. The recruiter in question asked the developer to download npm packages from a GitHub repository, and hours later the developer discovered his MetaMask wallet...

www.bleepingcomputer.com