Beware of Interview Scams!

If you are interviewing for an engineering position, beware! Do not run any random repos without checking them!
TL;DR
There are scammers trying to steal your wallet private keys, and perhaps other hacks, too, by asking you to run arbitrary code. Do NOT run a random repo on your computer!
The Full Story
LinkedIn is a great platform if you are looking for jobs. 80% of my previous jobs came through random recruiters on LinkedIn. And for engineering jobs, technical interviews and coding tests are the norm.
A typical technical interview lasts between 30 and 60 minutes; perhaps the 10 to 15 minutes is just a short technical skill evaluation before the real interview, I thought to myself.
When I conduct technical interviews, I prefer to talk to the candidates, before any technical skill tests. Soft skills are as important as the technical skills; and context matters, too. So what happened next raised multiple red flags.
First, I check the repo and browse around the code base. In one of the API files, I notice an unusual horizontal scroll bar.
As I scroll, a block of obfuscated code is revealed. This is the first red flag.
Then, I’m told that the CTO may or may not be present for the interview. This is the second red flag. How can you interview a candidate without showing up to the interview?
To confirm my suspicion, I asked AI to analyze the obfuscated code block. And here’s what it finds out:
Then I recall, one of the developers in my network shared a similar story. They were told to run a coding test repo and instructed to connect their crypto wallet during the interview. The process appeared to be normal, until later the wallet was hacked and real crypto assets were lost.
The Ending
To prevent this account from scamming others, I confronted the scammer directly.
And shortly after my reply, I witness the profile getting deleted.
The Takeaways
Do NOT run arbitrary code for any reason. Even if it’s coming from friendlies. Always use AI to scan the code for security threats.
Use a special purpose email and phone number for your resume/CV. You never know who is collecting your personal information.
Always be alert for any red flags — anything out of the norm — when you are dealing with strangers. Safe job-hunting!
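A pre-check for the trick described in the story, where code sits past the right edge of the editor: this added example (not from the original post) reads every file in a checkout as text, without executing anything, and flags lines that are very wide or that have code pushed far right by whitespace padding. The thresholds, function names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

MAX_COLS = 200                            # assumed: wider than most editor windows
PAD_RUN = re.compile(r"\S[ \t]{40,}\S")   # code, long whitespace gap, more code
SKIP_DIRS = {".git"}

def scan_file(path):
    """Return findings for one file, read as text only (nothing is executed)."""
    findings = []
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, start=1):
            line = line.rstrip("\r\n")
            gap = PAD_RUN.search(line)
            if gap:
                # gap.end() is the 1-based column where the pushed-out content starts.
                findings.append((path, lineno, "padded", gap.end(), len(line)))
            elif len(line) > MAX_COLS:
                findings.append((path, lineno, "long", MAX_COLS + 1, len(line)))
    return findings

def scan_repo(root):
    """Walk a checkout and collect findings from every file."""
    results = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in sorted(filenames):
            results.extend(scan_file(os.path.join(dirpath, name)))
    return results

def build_sample_repo():
    """Constructed sample: one clean file, one with content padded off-screen."""
    root = tempfile.mkdtemp(prefix="interview_repo_")
    with open(os.path.join(root, "clean.js"), "w") as fh:
        fh.write("module.exports = (req, res) => res.json({ ok: true });\n")
    with open(os.path.join(root, "api.js"), "w") as fh:
        fh.write("const express = require('express');\n")
        fh.write("const router = express.Router();" + " " * 300
                 + "/* constructed placeholder for hidden code */\n")
    return root

if __name__ == "__main__":
    for path, lineno, kind, col, width in scan_repo(build_sample_repo()):
        print(f"{path}:{lineno}: {kind} line, {width} cols, inspect from col {col}")
```

Minified bundles will also show up as long lines, so a finding means "read this line in full before anything else", not proof of malice.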
About the Author
PAK is a hands-on engineering leader who has been building projects and teams for various startups, mostly focused on the Web3, AI and gaming spaces.
He is an “organization freak” who has OCD about keeping things organized in the most chaotic and fast-paced industries, using frameworks and playbooks.
He believes that AI will make engineers’ lives — and everyone’s lives — better, as many of the mundane tasks can be done by AI now, so humans can work on more interesting challenges.