A blockchain developer fell sufferer to a crypto rip-off after responding to a seemingly respectable Upwork job.
Dangerous actors have turned to Upwork in an effort to lure blockchain builders into downloading malicious software program, enabling them to empty cryptocurrencies from non-custodial wallets. As per a BleepingComputer report, rip-off recruiters are instructing victims through LinkedIn to obtain and debug code from two malicious npm packages, hosted on a GitHub repository.
As soon as builders execute the packages, a malicious script good points entry to their gadgets. In an interview with BleepingComputer, Antalya-based blockchain developer Murat Çeliktepe revealed shedding over $500 from his MetaMask pockets in crypto after opening the npm packages, offering scammers with distant entry to his gadget.
The incident extends past Çeliktepe, because the report notes different builders reporting comparable encounters with the identical recruiters on LinkedIn, highlighting the prevalence of scams concentrating on blockchain builders.
Scammers appear to proceed concentrating on blockchain builders by way of job platforms like LinkedIn and Upwork, showcasing a persistent technique. In an incident in 2022, North Korea-affiliated hackers managed to pilfer $600 million from the Axie Infinity blockchain recreation by sending a faux job supply in a malicious PDF file through LinkedIn to an engineer from Sky Mavis, an organization behind the web3 recreation.