Express

SlowMist Labs: Job Seekers Fall Victim to 'Backdoor Theft' During Code Review, Private Keys Stolen Directly

Summary: According to SlowMist Labs @evilcos, job seekers in the Web3 industry have encountered malicious code traps during interviews. In this incident, attackers impersonated @seracleofficial, requesting job seekers to review and run code on Bitbucket. After victims cloned the code, the program immediately scanned all local .env files and stole sensitive information such as private keys. ...

According to SlowMist Labs @evilcos, job seekers in the Web3 industry have encountered malicious code traps during interviews. In this incident, attackers impersonated @seracleofficial, requesting job seekers to review and run code on Bitbucket. After victims cloned the code, the program immediately scanned all local .env files and stole sensitive information such as private keys.

SlowMist Labs pointed out that this type of backdoor is a typical stealer, capable of collecting passwords saved in browsers, encrypted wallet mnemonic phrases, and private keys, among other private data. Experts emphasize that when dealing with suspicious code reviews, it is essential to operate in an isolated environment to avoid direct execution on real devices and potential attacks.

Last Update:

Tags:
Link: SlowMist Labs: Job Seekers Fall Victim to 'Backdoor Theft' During Code Review, Private Keys Stolen Directly   [Copy]
Next:

Related Articles

  • The Road to 2026: Where Is the Web3 Ecosystem Heading Next? 12 days ago
  • Vishwa Advances Agentic Infrastructure Research Through Contribution to Emerging Framew... 27 days ago
  • BitMart US Launches Operations with 49-State Licensing and Zero-Fee Program November 17, 2025
  • Global Financial Giants Enter Stablecoin Arena in Pivotal Shift October 30, 2025
  • CRYPTO'S NEW PLAY: 24/7 STOCK TRADING October 29, 2025

    • You need to login to comment.