SlowMist Cosine: Web3 job seekers fall into code review traps
Jinse Finance reported that a user was attacked by hackers while applying for a Web3 position. The attacker impersonated @seracleofficial and asked the job seeker to review code on Bitbucket. After the victim cloned and ran the code, the malicious program immediately scanned all local .env files and stole sensitive information, including private keys. Security expert Cosine from SlowMist (@evilcos) pointed out that this type of backdoor is a typical "stealer," specifically designed to collect various types of private information from users' computers, including passwords saved in browsers, mnemonic phrases, and private keys from crypto wallets. The expert especially reminded that suspicious code must be analyzed in an isolated environment to prevent being attacked.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Bitcoin ATM operator Coinme ordered to return over $8 million to customers
Bitwise CIO: Strategy will not sell its bitcoin holdings
USD/JPY falls to 154.65, hitting its lowest level since November 17
Russia's second largest bank VTB plans to launch cryptocurrency trading services through brokerage accounts in 2026
Trending news
MoreCrypto prices
More
