You were hit by a fake job or freelance scam
Scammers pose as recruiters or clients and send "test projects," "onboarding documents," or "required software" that contains malware. This is an increasingly common attack targeting developers and freelancers in the crypto space.
The job offer was never real. It was a sophisticated social engineering attack.
How this attack works
A 'recruiter' or 'client' offers an attractive role and asks you to run a take-home task: clone a repo and run it, install 'required' software, or open an onboarding document. The code or file contains malware that steals your seed phrase, browser wallet data, and credentials.
These campaigns are well-resourced and patient — fake company sites, profiles, and interviews — specifically targeting developers and others likely to hold crypto. The job was never real.
Warning signs
- •An unsolicited job or collaboration led you to run code or install software.
- •You were rushed to complete a 'test task' or onboarding step.
- •You were asked to disable security warnings or antivirus to proceed.
What to do right now
- •Research companies thoroughly before opening any files
- •Never run code or install software from unknown sources
- •Be suspicious of unsolicited job offers, especially in DMs
- •Use virtual machines for reviewing suspicious projects
- •Run antivirus scans and consider reinstalling your OS
- •Create a brand new wallet on a clean device
Not sure this is what happened to you?
Run the 2-minute diagnostic