It's a treacherous world for blockchain and Dapp developers

Asfaload develops a solution to help secure and authenticate downloads from the internet, using blockchain technology.

We recently opened a new Github repo which currently contains mainly Solidity code for our smart contract. In the process of development, a first issue was opened. As this repo was created the day before and not announced anywhere, it was very surprising to get a comment on this issue within an hour of its creation.

The comment was:

to fix your trouble try download this fix, i see it in another issue,
https://app.XXXX.com/XXXXXXXXX
password: changeme
when you installing, you need to place a check in install to path and select "gcc."

This has nothing to do with the issue, and is clearly a phishing attempt. I immediately deleted the comment.

Although this was a not very subtle attempt, it’s a very clear warning. Blockchain and Dapp developers are prime targets for phishers. I expect more dangerous attempts in the future, and as a project we will need to take some precautions. It does even raise the question about external contributions: how can a small and young project as ours safely accept outside contributions?