As blockchain technology continues to expand, so does the demand for skilled developers in blockchain, cryptocurrency, NFTs, and related platforms. However, this booming field has also attracted scammers who aim to exploit developers’ skills and interests for malicious purposes. A concerning scam has been making the rounds on LinkedIn, targeting blockchain developers with offers that may appear legitimate but could potentially compromise personal security and sensitive information. Here’s what you need to know to protect yourself.

Here is a type of a message I got

The Scam: How It Works

1. The Job Offer: Scammers reach out via LinkedIn, posing as legitimate companies or project managers. They entice developers by offering a generous hourly rate, often around $70 per hour, for project work in the blockchain space. The work may be related to blockchain technology, cryptocurrency wallets, NFT platforms, or similar areas.
2. Request for GitHub ID: The scammers ask for your GitHub ID, claiming they need it to add you to their project. While sharing your GitHub ID is generally safe, this step is used to establish a sense of legitimacy, making you feel like you are part of a collaborative, ongoing project.
3. Providing Malicious Code: Once connected, they share a piece of code or project repository for you to work on. However, the code provided contains encrypted, malicious elements that could target sensitive data stored on your device. The code may be designed to infiltrate your system, steal information from your crypto wallet, or compromise your computer in other ways.

Why Blockchain Developers are Targeted

Blockchain developers are attractive targets for cybercriminals for several reasons:
• Access to Digital Assets: Blockchain developers often have access to cryptocurrency wallets and other digital assets, which are of high value.
• Trust in New Platforms: Developers in this field are accustomed to working on emerging platforms and may be more likely to engage in freelance or open-source projects.
• Complexity of Code: With complex encryption and advanced programming languages, blockchain code can be an ideal cover for hidden malicious functions.

Protecting Yourself from LinkedIn Scams

To safeguard your personal information, digital assets, and computer from these scams, consider the following protective measures:

Verify the Legitimacy of the Company and Project
Check the LinkedIn profile of the person or organization reaching out to you. Look for signs of a genuine business, such as company details, website links, and employee connections. Use reputable platforms to cross-check company legitimacy and reach out directly to the company’s official contact information if in doubt.

Examine the Code Thoroughly
Be cautious with any code shared by someone you don’t know personally or by a newly established connection. Before running or integrating any code, carefully examine it line by line to identify any encrypted or hidden elements. Use code analysis tools or sandbox environments to test code safely. If something feels off, don’t hesitate to ask other developers for their input or even refuse the project altogether.

Protect Your Wallet Information
Avoid using your main wallet on devices where you work on projects from unknown sources. Opt for a hardware wallet, which is not connected to the internet and therefore less vulnerable. Regularly update and secure your wallet information, using multifactor authentication (MFA) where possible.

Report Suspicious Accounts and Block Malicious Code
If you come across suspicious accounts or code, report the profiles to LinkedIn and GitHub. Blocking malicious code involves removing it entirely and alerting relevant communities or platforms. Look up security forums or communities where others may have encountered similar issues, as reporting threats can help prevent other developers from becoming victims.

Stay Informed:
Keep up with the latest news in cybersecurity and blockchain to stay aware of common scams and vulnerabilities. Online communities for developers can also provide insights and warnings about potential scams or red flags.