Take-home Job Exercise Empties Blockchain Developer’s Crypto Wallet

Take-home Job Exercise Empties Blockchain Developer's Crypto Wallet

A blockchain developer fell victim to a scam after being approached on LinkedIn by a “recruiter” for a web development job, resulting in the loss of funds from his MetaMask wallet.

In a shocking incident, a blockchain and web developer from Antalya, Murat Çeliktepe, shared his harrowing experience of being targeted by a scammer posing as a recruiter on LinkedIn. The developer was approached with what seemed to be a legitimate job posting on Upwork, but it turned out to be a cleverly orchestrated plan to drain his cryptocurrency wallet. This incident sheds light on the vulnerabilities faced by developers and the importance of vigilance in the digital world.

The Deceptive Job Posting and the Take-home Exercise

The job posting on Upwork appeared to be a typical web development task, offering an hourly rate of $15 to $20 for fixing bugs and improving website responsiveness. Intrigued by the opportunity, Çeliktepe decided to take up the challenge. As part of the interview process, the recruiter asked him to download and debug code from two npm packages hosted on a GitHub repository. Little did Çeliktepe know that this seemingly innocent exercise would lead to the loss of his hard-earned cryptocurrency.

The Devastating Discovery

Hours after downloading the npm packages and debugging the code, Çeliktepe discovered that his MetaMask wallet had been emptied, with over $500 worth of cryptocurrency stolen. The developer, perplexed by the turn of events, took to social media to share his ordeal and seek help from the community. He posted the codes he had received from the recruiter, hoping that someone could shed light on how his wallet was compromised.

See also  Algorand (ALGO): A Blockchain Breakthrough In Smart Contract Speed And Efficiency

Unraveling the Attack

While analyzing the code from the GitHub repositories, Çeliktepe could not pinpoint the exact mechanism behind the attack. However, community members and security experts offered some insights. One theory suggested that the npm projects provided the attacker with an opportunity to deploy a reverse shell, potentially gaining access to the developer’s machine. Another hypothesis proposed that the illicit npm project copied passwords from a web browser with auto-fill enabled, or intercepted network traffic during the “tech interview.” The exact attack vector remains unclear.

A Wider Scam Operation

Çeliktepe’s experience was not an isolated incident. Other developers, including security researcher Bartu Bozkurt and Mehmet Selim, confirmed being targeted by the same recruiter. This suggests a larger scam operation targeting web developers and security researchers. The community is now on high alert, urging caution when encountering job offers on career development platforms and recommending the use of separate machines for take-home job exercises.


The story of Murat Çeliktepe serves as a stark reminder of the risks faced by developers in the digital landscape. Scammers are becoming increasingly sophisticated, exploiting the trust and vulnerability of professionals seeking job opportunities. It is crucial for developers to exercise caution, thoroughly vet potential employers, and be vigilant against potential scams. This incident highlights the need for increased awareness and security measures to protect against such attacks. As the digital world continues to evolve, developers must remain vigilant to safeguard their assets and personal information.