Flutterby™! : exploit by job interview

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

exploit by job interview

2023-12-29 23:29:31.387186+01 by Dan Lyke 1 comments

Bleeping Computer: Blockchain dev's wallet emptied in "job interview" using npm package

As a part of the job interview, the recruiter asked Çeliktepe to download and debug the code in two npm packages—"web3_nextjs" and "web3_nextjs_backend" hosted on a GitHub repository. However, moments later, the developer discovered that his MetaMask wallet had been drained—with upwards of $500 siphoned out of his account, based on the information seen by BleepingComputer.

[ related topics: Current Events Heinlein ]

comments in ascending chronological order (reverse):

#Comment Re: exploit by job interview made: 2023-12-30 13:43:12.658827+01 by: meuon

It's been a few years since I've hired a programmer. The "download and fix code" thing seems like real work, not a test. As for it draining his wallet...well.. that's a whole different issue.