Take-home job exercise empties blockchain developer’s crypto wallet

A blockchain developer shares his ordeal over the holidays when he was approached on LinkedIn by a “recruiter” for a web development job.

In a cautionary tale for developers, a blockchain and web developer from Antalya, Murat Çeliktepe, recently shared his experience of falling victim to a crypto scam disguised as a job interview. Approached by a recruiter on LinkedIn, Çeliktepe was enticed into downloading and debugging code from GitHub repositories as part of the interview process. Little did he know that this seemingly innocent exercise would result in the draining of his MetaMask wallet, with over $500 worth of cryptocurrency disappearing. This incident highlights the need for developers to be vigilant and cautious when engaging with potential job opportunities online.

The lure of a legitimate job posting

As a part of the job interview process, Çeliktepe was approached by a recruiter on LinkedIn who had posted a job on Upwork. The job posting appeared legitimate, asking applicants to fix bugs and improve the responsiveness of a website. The payment was promised to be between $15 and $20 per hour for a task expected to take less than a month. Intrigued by the opportunity, Çeliktepe decided to give it a try, unaware of the scam that awaited him.

The take-home exercise that led to the scam

The recruiter asked Çeliktepe to download and debug code from two npm packages, “web3_nextjs” and “web3_nextjs_backend,” hosted on a GitHub repository. While it is not uncommon for tech interviews to include take-home exercises or proof-of-concept assignments, this particular request turned out to be a trap. Despite the npm projects appearing valid, with package.json manifests, they had never been published on npmjs.com, the largest open-source registry of JavaScript projects.

The aftermath and search for answers

After successfully completing the exercise and attending a Google Meet session with the recruiter to discuss his solution, Çeliktepe later discovered that his MetaMask wallet had been emptied. Confused and seeking answers, he shared his experience on social media, hoping that someone could shed light on how the scam unfolded. However, instead of receiving assistance, he was targeted by opportunistic crypto bots and scam accounts posing as “MetaMask support.”

Insights from the developer community

While Çeliktepe is still unsure about the exact mechanics of the attack, members of the developer community have offered their insights. One bug bounty hunter hypothesized that the npm projects allowed the attacker to deploy a reverse shell, gaining access to Çeliktepe’s machine. However, the presence of certain code within the backend app suggests that this attack vector may have been possible. Other theories include the possibility of passwords being copied from a browser with auto-fill enabled or network traffic interception during the “tech interview.”

A recurring scam targeting developers

Çeliktepe is not the only victim of this scam. Another blockchain developer and security researcher, Bartu Bozkurt, revealed that he had also been approached by the same recruiter on LinkedIn. Mehmet Selim, another developer, confirmed receiving messages from the recruiter as well. This suggests that web developers and security researchers should be cautious of job offers on career development platforms, as they could be potential scams.

Conclusion:

The story of Murat Çeliktepe serves as a stark reminder of the dangers lurking in the world of online job opportunities. Developers must remain vigilant and exercise caution when engaging with recruiters or potential employers. Take-home exercises should be completed on separate machines, and suspicious requests should be thoroughly investigated before any action is taken. As the digital landscape continues to evolve, it is crucial for developers to prioritize their online security and protect themselves from falling victim to scams.