A blockchain developer falls victim to a deceptive job interview on LinkedIn, losing over $500 from his MetaMask Wallet. The scam involves a coding task that exposes vulnerabilities, prompting the community to unravel the mystery behind the attack.
Blockchain developer Murat Çeliktepe recounts a distressing incident where a faux job opportunity on LinkedIn led to the depletion of $500 from his MetaMask Wallet. The fraudulent recruiter instructed Çeliktepe to debug code from GitHub repositories during a supposed tech interview, resulting in the unauthorized withdrawal.
The GitHub projects, named “web3_nextjs” and “web3_nextjs_backend,” appeared legitimate but were not published on npmjs.com. Despite community support, Çeliktepe remains unsure of the attack’s mechanics. Speculations include a potential reverse shell deployment or password interception during the tech interview.
Community insights propose that the illicit npm projects might have exploited vulnerabilities on Çeliktepe’s machine. Scam accounts, pretending to offer help, added to the chaos. The incident highlights the risks developers face in seemingly genuine job interviews.