BitSong founder says "fake interview" scam led to private key theft

AI Market Summary
A BitSong founder reported a social-engineering "fake interview" attack that exfiltrated environment variables containing private keys after running compromised dependencies, with additional wallet-connection bait. While the direct scope appears isolated and losses are unquantified, the incident reinforces persistent operational-security and supply-chain risks for developers and Web3 projects, which can weigh on near-term risk appetite and trust in smaller ecosystems.
Impact level
● Low
Affected assets
BTC/USDT+3.00%
AI Insight · BTC/USDTAI Insight
▼ Bearish
Trade now
⚠️ AI-generated insights are based on news content and are provided for informational purposes only. They do not constitute investment advice or represent the views of BingX. Investing involves risk. Please trade responsibly.
BitSong founder bitangel84 said he was targeted in a hacking incident on July 14, according to ME News. The developer, who said he has more than eight years of blockchain experience, described being approached on LinkedIn by someone using the name Kostiantyn Pustovyi about a potential Web3 gaming collaboration. bitangel84 said the contact later invited him to a remote interview and prompted him to clone a code repository and run "yarn install" to install dependencies. He alleged that a hidden, obfuscated script in the process exfiltrated local environment variables containing private keys to an attacker-controlled server. He added that the attacker also asked him to try an online game and connect his wallet. The extent of losses has not yet been determined, and he said he cannot currently confirm how many wallets may have been compromised. Further updates will follow as the investigation continues. (Source: Foresight News)