It's a treacherous world for blockchain and Dapp developers
2024-08-28 security
Asfaload develops a solution to help secure and authenticate downloads from the internet, using blockchain technology.
It appears that publishing a GitHub repo with Solidity code makes you a prime target for phishers and scammers.
We recently opened a new GitHub repo which currently contains mainly Solidity code for our smart contract. In the process of development, a first issue was opened. As this repo was created the day before and not announced anywhere, it was very surprising to get a comment on this issue within an hour of its creation.
The comment was:
to fix your trouble try download this fix, i see it in another issue,
https://app.XXXX.com/XXXXXXXXX
password: changeme
when you installing, you need to place a check in install to path and select "gcc."
This has nothing to do with the issue, and is clearly a phishing attempt. I immediately deleted the comment.
Although this was not a very subtle attempt, it’s a very clear warning. Blockchain and Dapp developers are prime targets for phishers. I expect more dangerous attempts in the future, and as a project we will need to take some precautions. It even raises the question of external contributions: how can a small and young project such as ours safely accept outside contributions?