Hacken: There are scammers posing as project parties to induce developers and auditors to download suspicious repositories. Please be aware of the risks.

Blockchain security organization Hacken has recently discovered a scam that has emerged on platforms such as Telegram and Linkedin. It is worth noting that this scam targets developers and auditors in the cryptocurrency industry.

Specifically, scammers on social networks specifically target individuals who provide technical services, convincing them to download a repository in the name of a legitimate project. In the repository, there is an unstable "npm run" command in the code. When executed, it may jeopardize the user's file system. This method is similar to previous scams involving fraudulent zip files and PDFs.

To strengthen defense against this strategy, consider the following measures:

- Be cautious when downloading repositories, especially when prompted by unfamiliar sources;

- Carefully check repository code using tools such as Semgrep or CodeQL and establish defined rules to ensure its safety when executed locally.

Comments

All Comments

Recommended for you

Cointime精选 ·

Enshrine AI into EVM

Axonum enshrines AI into blockchain to build a decentralized supercomputer powered by global collective intelligence.
Cointime精选 ·

Volume 180: Digital Asset Fund Flows Weekly Report

US$435 outflows continue as incumbent ETF issuers continue to see withdrawals
MIIX Capital ·

MIIX Capital: io.net Research & Analysis Report

io.net is a decentralized GPU network for ML computing, valued at $1 billion, expected to reach over $5 billion in the bull market cycle.
NFTScan ·

NFT 101: What Is NFT Perps Trading?

NFT Perpetual Futures (NFT Perps) is a new type of derivative that allows investors to trade NFTs with better liquidity.
NFTScan ·

X Space Recap: Web3 Users’ Crypto Asset Security in the New Asset Protocol Boom

In the new asset protocol trend and the rapid development of the NFT ecosystem, with various new gameplay emerging, how Web3 users can effectively protect their crypto assets has become a new challenge.
Chainlink ·

What Is Tokenization?

Tokenization is the process of creating a digital representation of an asset by issuing a blockchain-based token.
HKEX: Accepts BOS HashKey, Huaxia, Harvest Bitcoin and Ethereum ETFs as eligible securities for multiple counters in the central clearing system

On April 27th, the Hong Kong Stock Exchange issued three notices, announcing the inclusion of Bo Shi HashKey Bitcoin ETF shares and Bo Shi HashKey Ethereum ETF shares, Huaxia Bitcoin ETF shares and Huaxia Ethereum ETF shares, and Jia Shi Bitcoin Spot ETF shares and Jia Shi Ethereum Spot ETF shares as Central Clearing System multi-counterparty eligible securities. It is reported that:
Russia’s Central Bank and Rosfinmonitoring unveil pilot of fiat-to-crypto tracking system

According to reports, since 2023, Russia has been trying to track cryptocurrency transactions and their sources. The Russian Central Bank and the Federal Financial Monitoring Service (Rosfinmonitoring) revealed that there is currently a system that allows private banks to track the connection between fiat-based transactions and cryptocurrency business.
PolkaWorld: Coretime trading on Kusama has started

On April 27th, PolkaWorld announced that Coretime trading on Kusama has begun, marking the end of the era of parallel chains. With the approval and implementation of Kusama proposal 373, the proposal will upgrade the Kusama relay chain runtime to v1.2.0 and bring Coretime functionality. Shortly thereafter, the Kusama community approved Kusmaa proposal 375 last Friday, allowing Coretime chain to begin selling Coretime. Currently, Kusama is in the Renew Period and is selling batches of Coretime.
Memeland: Runecoin airdrops for the Stakeland community are now complete

On April 27th, Memeland posted on social media that their Runecoin airdrop for the Stakeland community has been fully completed.