LIVE
Binance News
--
Blockchain Developer Loses $500 in MetaMask Wallet Scam
According to CryptoPotato, blockchain developer Murat Çeliktepe fell victim to a scam that resulted in the loss of $500 from his MetaMask Wallet. Çeliktepe was contacted on LinkedIn by an individual posing as a recruiter offering a web development job opportunity. During the job interview, the recruiter instructed Çeliktepe to download and debug code from two npm packages hosted on a GitHub repository. After following the instructions, the developer discovered that his MetaMask wallet had been depleted, with over $500 fraudulently withdrawn from his account.
The job listing on Upwork claimed to offer an hourly payment between $15 and $20 for a task expected to be completed in less than a month. Technical interviews often involve take-home exercises or proof-of-concept assignments, making the offer convincing even for individuals with technical expertise. The applications found in the mentioned GitHub repositories are valid npm projects, but they have not been published on npmjs.com, the largest open-source registry for JavaScript projects.
After sharing his experience on social media, Çeliktepe sought assistance from the community to understand the mechanics of the attack. The community responded with support and various theories on how the attacker might have breached his MetaMask wallet. Some suggested that the npm projects executed by Çeliktepe could have allowed the attacker to deploy a reverse shell, exposing vulnerabilities on the developer's machine. Others proposed that the illicit npm project might have copied passwords from a web browser with auto-fill enabled or intercepted network traffic during the tech interview.
The job listing on Upwork claimed to offer an hourly payment between $15 and $20 for a task expected to be completed in less than a month. Technical interviews often involve take-home exercises or proof-of-concept assignments, making the offer convincing even for individuals with technical expertise. The applications found in the mentioned GitHub repositories are valid npm projects, but they have not been published on npmjs.com, the largest open-source registry for JavaScript projects.
After sharing his experience on social media, Çeliktepe sought assistance from the community to understand the mechanics of the attack. The community responded with support and various theories on how the attacker might have breached his MetaMask wallet. Some suggested that the npm projects executed by Çeliktepe could have allowed the attacker to deploy a reverse shell, exposing vulnerabilities on the developer's machine. Others proposed that the illicit npm project might have copied passwords from a web browser with auto-fill enabled or intercepted network traffic during the tech interview.
Aviso legal: Se incluyen opiniones de terceros. Esto no representa una asesoría financiera. Puede haber contenido patrocinado. Lee los TyC.
Respuestas 0