Web3 gaming developers are currently facing a new threat as scammers employ sophisticated tactics to lure them into a deceptive scheme. This article delves into a recent incident involving a fraudulent job offer for a Solidity developer position in the Web3 game MythIsland and the subsequent uncovering of a well-orchestrated scam.
The Deceptive Job Offer:
A wave of scams has emerged, specifically targeting developers within the Web3 gaming industry. Reports reveal that scammers initiate direct messages to game developers, enticing them with enticing offers for Solidity developer roles in projects such as the Web3 game MythIsland. The scammers employ a fraudulent website, skillfully designed with detailed graphics, credible associates, and functional links, creating a convincing facade of authenticity.
Unveiling the Scam:
The unraveling of this fraudulent scheme occurred when a freelance developer, identified as 0xMario on X (formerly Twitter), shared his unfortunate experience as a victim in a cautionary thread. This revelation quickly gained traction, prompting other users to come forward with similar encounters of being targeted by the scam.
The Scammer’s Approach:
The scam initiation involved a direct message on X from a now-deleted account (@ameliachicel), offering an exciting Solidity developer opportunity for the Web3 game MythIsland. The fraudulent website boasted impressive graphics, functional links, and a detailed presentation of the game, incorporating in-game economy and NFT aspects. The scammers went to great lengths, presenting doxxed team members, professional-looking websites, and social media profiles to enhance the project’s credibility.
The Deceptive Dialogue:
Once a developer accepted the offer, the communication transitioned to the Telegram messaging platform. Detailed conversations about the job and the game took place, including team introductions and information exchanges. However, suspicion arose when the developer was asked to download a game launcher to access an alpha version. 0xMario, exercising caution, used a virtual Windows machine for the download, leading to a .NET Framework update error. This prompted the developer to report the issue to the scammers, triggering a sequence of events.
🚨 SCAM ALERT 🚨
Today I was targeted by the most sophisticated scam I have experienced so far.
Luckily, they didn't manage to steal a single cent from me, but I could have lost everything I had and it could easily happen to you.
Thread 🧵👇
— 0xMario 🐷 (@0xM4R10) January 14, 2024
Escalation of Suspicion:
Upon the scammers’ request to use a different Windows machine, the developer complied, but the same error occurred. Subsequently, all communications were abruptly erased, and the developer was blocked. Recognizing the potential risk, the developer treated his equipment as compromised and took thorough measures to clean it.
The game was called MythIsland, and the website looked pretty good: mythisland[.]io (be very careful if you browse it).
It had cool graphics, in-game content, every link worked as expected, the team was "doxxed" etc…
3/12 pic.twitter.com/1iXIy6GI5D
— 0xMario 🐷 (@0xM4R10) January 14, 2024
Unveiling the Web of Deceit:
The extent of the scam became apparent as investigators discovered a meticulously crafted web of deceit. The scammers had fabricated detailed social media profiles, one of which claimed to be a former developer at Cosmos Network, adding another layer of credibility to their scheme.
At one point, they told me the game was already in the alpha stage and that I should download the launcher and create an account.
At this point, I really didn't think this was a scam at all, so I downloaded the launcher from their website.
5/12 pic.twitter.com/ePlaNp5UBz
— 0xMario 🐷 (@0xM4R10) January 14, 2024
Security Measures and Recommendations:
In light of this incident, experts recommend employing caution and utilizing secure methods when downloading files. Virtual machines or expendable computers are suggested for performing suspicious downloads to minimize risks. Additionally, secure platforms like Google Docs should be used for document transfers.
Potential Threats:
The game launcher, purportedly used to access the alpha version, could have been a potential malware, posing risks such as ransomware or theft of critical information. This incident serves as a critical reminder for the Web3 community to prioritize cybersecurity measures.
Conclusion:
The Web3 gaming industry faces an evolving landscape of threats, with scammers employing increasingly sophisticated methods to deceive developers. This recent scam highlights the importance of vigilance, secure practices, and collaborative efforts within the community to safeguard against such deceptive schemes. Developers are urged to remain cautious and prioritize cybersecurity to ensure a resilient Web3 ecosystem.
