Take-home job exercise empties blockchain developer’s crypto wallet

A blockchain developer shares his ordeal over the holidays when he was approached on LinkedIn by a “recruiter” for a web development job.

Antalya-based Murat Çeliktepe, a blockchain and web developer, recently shared his harrowing experience of falling victim to a crypto-stealing scam disguised as a job interview. Approached by a “recruiter” on LinkedIn with an Upwork job posting, Çeliktepe was asked to download and debug code from GitHub repositories. Little did he know that this seemingly innocuous task would result in his MetaMask wallet being emptied of over $500. This incident sheds light on the growing prevalence of scams targeting developers and serves as a cautionary tale for those in the industry.

The lure of a legitimate job posting

In the world of freelance work, job platforms like Upwork have become a popular avenue for professionals to find opportunities. Unfortunately, scammers have also recognized the potential in exploiting these platforms to deceive unsuspecting individuals. In Çeliktepe’s case, the job posting on Upwork appeared legitimate, offering a task that would pay between $15 and $20 per hour. The recruiter’s request to fix bugs and improve website responsiveness seemed like a typical assignment for a web developer.

The convincing nature of the scam

The scam employed by the recruiter was particularly convincing, even for technically savvy individuals like developers. It is not uncommon for tech interviews to include take-home exercises or proof-of-concept assignments that involve code writing or debugging. In this case, the recruiter asked Çeliktepe to download two npm packages, “web3_nextjs” and “web3_nextjs_backend,” from a GitHub repository. These packages appeared to be valid npm projects, complete with package.json manifests. However, they were never published on npmjs.com, raising suspicions in hindsight.

The developer’s unfortunate discovery

As per the assignment instructions, Çeliktepe cloned the GitHub repositories and began debugging the code. He ran both the frontend and backend applications locally on his machine, believing he was working towards a solution for the task. After attending a Google Meet session with the recruiter to discuss his findings, Çeliktepe was under the impression that the assignment was complete. However, a few hours later, he noticed that his Ethereum balance had been drained. Transactions revealed that approximately $538 worth of ETH had been sent to another crypto address.

Seeking answers and community support

Confused and devastated by the loss of his funds, Çeliktepe turned to social media to share his experience and seek help from the community. He shared the codes from the GitHub repositories, hoping that others could shed light on how the attack occurred. Unfortunately, his appeal attracted not only concerned community members but also opportunistic crypto bots and scam accounts posing as “MetaMask support.” The developer’s vulnerability was exploited further by these malicious actors.

The theories and lessons learned

While Çeliktepe and the community continue to investigate the attack, several theories have emerged. One hypothesis suggests that the npm projects ran by the developer allowed the attacker to deploy a reverse shell, potentially gaining access to his machine. Another theory proposes that the illicit npm project copied passwords from a web browser with auto-fill enabled, or intercepted network traffic during the “tech interview.” Regardless of the exact attack vector, it is clear that developers and security researchers should remain vigilant when encountering job offers on career development platforms. Completing take-home exercises on separate machines is a crucial precaution to protect personal and financial information.

Conclusion: The incident involving Murat Çeliktepe serves as a stark reminder of the risks faced by developers in an increasingly digital world. Scammers are becoming more sophisticated, exploiting job platforms and targeting unsuspecting professionals. As the demand for blockchain and web developers continues to rise, it is crucial for individuals to exercise caution and verify the legitimacy of job postings and interview processes. By sharing his story, Çeliktepe hopes to raise awareness and prevent others from falling victim to similar scams. The community’s support and collaborative efforts are essential in combating these threats and ensuring the safety of developers in their professional pursuits.