Scam recruiters target blockchain devs on Upwork, steal crypto with npm packages
A blockchain developer fell victim to a crypto scam after responding to a seemingly legitimate Upwork job.
Bad actors have turned to Upwork in an effort to lure blockchain developers into downloading malicious software, enabling them to drain cryptocurrencies from non-custodial wallets. As per a BleepingComputer report, scam recruiters are instructing victims via LinkedIn to download and debug code from two malicious npm packages, hosted on a GitHub repository.
One of the malicious npm packages on GitHub | Source: BleepingComputer You might also like: Minnesota man loses $9m in LinkedIn crypto romance scam
Once developers execute the packages, a malicious script gains access to their devices. In an interview with BleepingComputer, Antalya-based blockchain developer Murat Çeliktepe revealed losing over $500 from his MetaMask wallet in crypto after opening the npm packages, providing scammers with remote access to his device.
The incident extends beyond Çeliktepe, as the report notes other developers reporting similar encounters with the same recruiters on LinkedIn, highlighting the prevalence of scams targeting blockchain developers.
Scammers seem to continue targeting blockchain developers through job platforms like LinkedIn and Upwork, showcasing a persistent strategy. In an incident in 2022, North Korea-affiliated hackers managed to pilfer $600 million from the Axie Infinity blockchain game by sending a fake job offer in a malicious PDF file via LinkedIn to an engineer from Sky Mavis, a company behind the web3 game.