
Scofield Idehen

Posted on • Originally published at blog.learnhub.africa

The Biggest Crypto Scam in 2024

Imagine you are contacted on LinkedIn, X, or Facebook with an offer to join an ongoing project at $150 an hour.

You are sent a link to a fraudulent repo. Once you clone it, your crypto tokens are wiped, leaving you confused about what happened.

This is the current scam going on.

If you are an average user of X (formerly Twitter), you will have noticed a lot of chatter about this kind of scam. Today, we are going to reconstruct the scam from the moment the scammer approaches the victim to the moment the scam is perpetrated.

How it starts.

From the moment you get the mail, remember that you are being targeted; the scam is structured to make you believe they are serious.

As a savvy developer, you immediately go through the company profile. You are put at ease: the company is live, and whoever messaged you is verified, or the profile has been open for a long time with much traction.

The message comes from Colin Metcalf, and when you check @parafincapital, all the members of the team are following him, which lends credibility.

Next, you are asked to continue the discussion on @telegram or @discord, because it is easier for conversation or because he is more active there.

You immediately join, and you are sent a couple of projects that are active on the real site, but things begin to twist from there.

Afterward, you are informed that they are looking for KOLs to collaborate with @layer3xyz, @Polymarket, and @coin98_wallet.

The projects are 100% legit, so you are happy to push forward. Terms are agreed upon (the terms are always outrageously in your favor). They mention that you need to create an account on Slack.

Now, the twist: Slack? But Slack is like Discord.

You are told to create an account, which takes less than 5 minutes. Then he sends you a link to join their Slack room.

You do, and immediately you are sent a Slack group link; you click on it because it looks legit. And it is.

But there is a problem. It says "server error."

You immediately send him a screenshot, and he pings someone from the "team," saying, "name, did you have this error last week? What was the fix?"

Here is where the scam occurs.

The team member says he found the fix on Reddit, specifically point 4.

This is a legit post on Reddit. The fix involves a link to a "driver update" for Slack that you would need to install.

The link in step 4 leads you to a page supposedly meant to update your drivers.

The website is called FlaUI, and they even have a GitHub repository that looks legit.

You download it and try to install it, but the installation fails for some reason. You tell him about this, and he says, "Let's hop on the call."

He tells you to turn off the proxy. You do so, but nothing happens. He says you should relax; tomorrow he will get the engineers to look at it.

You wake up the next morning.

Oh shittttttt!!!!!

Your account has been drained.

This is an ongoing scam targeting web3 developers, and we will try to deconstruct it and see how the supposed driver was a trojan.

Once you install the driver, the installation breaks, but it creates a back door and sends your crypto out.
