Scam Recruiters Target Blockchain Devs on Upwork, Steal Crypto with NPM Packages

Scammers are targeting blockchain developers on Upwork, a popular freelancing platform, and stealing cryptocurrencies from their non-custodial wallets. According to reports, bad actors are posing as legitimate recruiters and tricking developers into downloading malicious software. The scammers then use the software to drain cryptocurrencies from the victim’s wallet.

The scam recruiters are using LinkedIn to contact potential victims and directing them to download and debug code from two malicious npm packages hosted on a GitHub repository. Victims are then asked to run the code on their local machines, which enables the scammers to access their wallets. The scam has already claimed several victims, with one developer losing $9 million in a LinkedIn crypto romance scam.

Blockchain developers are advised to take precautions when responding to job postings on Upwork and other freelancing platforms. They should never download or run code from untrusted sources, and they should always verify the legitimacy of the recruiter before sharing any sensitive information or downloading any software.

Key Takeaways

  • Scammers are targeting blockchain developers on Upwork and stealing cryptocurrencies from their non-custodial wallets.
  • Scam recruiters are using LinkedIn to contact potential victims and directing them to download and debug code from two malicious npm packages hosted on a GitHub repository.
  • Blockchain developers should take precautions when responding to job postings on Upwork and other freelancing platforms and should never download or run code from untrusted sources.

Identifying and Avoiding Scam Recruiters

When searching for job opportunities on Upwork, it is important to be aware of the potential risks of encountering fraudulent recruiters. These bad actors use a variety of tactics to steal sensitive personal information from unsuspecting job seekers, including blockchain developers. In this section, we will outline some common red flags and tactics to watch out for, as well as best practices for protecting your personal information.

Common Red Flags and Tactics

Scammers often use phishing emails or job posts that appear to be from well-known companies or community services. They may also reach out to job seekers through social media platforms like LinkedIn. It is important to be cautious of suspicious activity, such as job offers that seem too good to be true or recruiters who are evasive or provide unrealistic promises.

Another tactic used by scammers is to request sensitive personal information, such as a social security number or bank account information, before a job offer has been made. This can be a sign of identity theft or other fraudulent activities.

Protecting Personal and Sensitive Information

To protect their personal information, job seekers should be cautious of emails and attached files from free accounts. Additionally, it is important to scrutinize the authenticity of job offers and be wary of recruiters who request personal information too early in the process.

When using Upwork, job seekers should also take advantage of the platform’s Trust and Safety team, which offers identity verification and background checks. It is important to keep in mind that legitimate recruiters will never ask for sensitive personal information before a job offer has been made.

Best Practices for Upwork Users

To avoid falling victim to Upwork scams, job seekers should always verify the legitimacy of a job offer before providing any personal information. This can be done by contacting the company directly using a phone number or email address found on their official website.

It is also important to use caution when clicking on links or downloading attachments from unknown sources, as these can contain malicious software. Upwork users should also be aware of suspicious activity, such as recruiters who request payment for job offers or ask job seekers to purchase equipment or software before starting work.

By following these best practices and remaining vigilant for red flags and suspicious activity, job seekers can protect themselves from falling victim to scam recruiters on Upwork.

Technical Aspects of Scams Involving NPM Packages

Understanding the Role of NPM Packages in Scams

NPM packages are an integral part of software development, but they can also be used maliciously by scammers. In the case of the Upwork job scam targeting blockchain developers, scammers used NPM packages to steal cryptocurrencies from non-custodial wallets.

The scam works by enticing engineers to download malicious software disguised as a legitimate product. Once the engineer installs the package, the malware steals the private keys to the digital currency held in the non-custodial wallet. The scammers can then access the cryptocurrency and transfer it to their own wallets.

Scammers also use NPM packages to distribute malware and bugs that can compromise the security of the product. They can use the malware to gain access to the product’s code, which can lead to data breaches and other security issues.

Securing Crypto Assets Against Scammers

To protect themselves from scammers, engineers must take several precautions. One of the most important is to use a VPN or virtual private network when working on the product. A VPN encrypts the engineer’s internet connection and prevents scammers from intercepting their traffic.

Engineers should also be careful when downloading NPM packages. They should only download packages from trusted sources and verify the package’s authenticity before installing it. They should also keep their NPM and GitHub repositories up-to-date and secure.
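One way to check a repository received from a recruiter before installing it, shown as an added example that is not code from this article or from npm itself: the function flags install-time scripts that npm runs automatically and dependencies that resolve to a Git host, URL or local path instead of the npm registry. The function name, the pattern list and the sample manifest are assumptions made for illustration.

```javascript
// Added example: audit a parsed package.json before running `npm install`.
// Lifecycle hooks that npm runs automatically during a local `npm install`.
const AUTO_RUN_HOOKS = ["preinstall", "install", "postinstall", "prepare"];
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

// Specifiers that resolve outside the npm registry (git hosts, URLs, local paths).
const NON_REGISTRY = [
  /^git(\+[a-z]+)?:/i,            // git://, git+https://, git+ssh://
  /^(github|gitlab|bitbucket):/i, // hosted-git shorthands
  /^https?:\/\//i,                // remote tarball
  /^file:/i,                      // explicit local path
  /^[\w.-]+\/[\w.-]+(#.*)?$/,     // bare "user/repo" shorthand or relative path
];

// Returns a list of findings; an empty list means nothing was flagged.
function auditManifest(manifest) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of AUTO_RUN_HOOKS) {
    if (typeof scripts[hook] === "string") {
      findings.push({ kind: "auto-run-script", name: hook, value: scripts[hook] });
    }
  }
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (NON_REGISTRY.some((re) => re.test(String(spec).trim()))) {
        findings.push({ kind: "non-registry-dependency", name, value: spec, field });
      }
    }
  }
  return findings;
}

// Constructed sample manifest (hypothetical names, not from the reported campaign).
const sampleManifest = {
  name: "interview-task",
  scripts: { test: "jest", postinstall: "node ./scripts/setup.js" },
  dependencies: {
    express: "^4.18.2",
    "wallet-helper": "github:example-user/wallet-helper",
    "chain-utils": "example-user/chain-utils#main",
  },
  devDependencies: { jest: "29.7.0" },
};

for (const f of auditManifest(sampleManifest)) {
  console.log(`${f.kind}: ${f.name} -> ${f.value}`);
}
```

Pass in the result of `JSON.parse` on the repository's `package.json`; any finding is a reason to read the referenced script or repository before installing, and `npm install --ignore-scripts` keeps the hooks from running.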

To secure their cryptocurrency, engineers should use a secure password and two-factor authentication. They should also use a secure wallet like MetaMask, which encrypts their private keys and provides an extra layer of security.

By following these best practices, engineers can protect themselves from scammers and ensure the security of their products and digital assets.

By Jastra Kranjec

Jastra is an author at CryptoPresales. Over the years, she has worked in different fields of journalism and public relations, including politics, economy, crypto, and financial markets.
