I own a company and get contacted daily by tons of applicants who scammers took advantage of using fake similar domains and such. My opinion is that scammers, wherever they are in the world, should get bombed. Criminals only stop when the risks are higher than the rewards. And we need to stop victim blaming companies and individuals.

AI didn't save him.

His intuition did.

I’ve grown to depend on little snitch for this sort of thing. Always run in either Alert or Deny mode.

It is a little wild how many things expect to communicate with the internet, even if you tell them not to.

Example: the Cline plugin for vscode has an option to turn off telemetry, but even then it tries to talk to a server on every prompt, even when using local ollama.

> The scary part? This attack vector is perfect for developers. We download and run code all day long. GitHub repos, npm packages, coding challenges. Most of us don't sandbox every single thing.

Embedded into this story about being attacked is (hopefully) a serious lesson for all programmers (not just OP) about pulling down random dependencies/code and just yolo'ing them into their own codebases. How do you know your real project's dependencies also don't have subtle malware in them? Have you looked at all of them? Do you regularly audit them after you update? Do you know what other SDKs they are using? Do you know the full list of endpoints they hit?

How long do we have until the first serious AI coding agent poisoning attack, where someone finds a way to trick coding assistants into inserting malware while a vibe-coder who doesn't review the code is oblivious?

The article never really addresses if it was a totally fake setup or a real crypto company scamming interviewees. Does "Symfa" exist? Does the "Chief Blockchain Officer"?

why is this website `daviddodda` while the linkedin message mentions `arun`.

This might be the forth or fifth time I've seen this type of post this week, is this now a new form of engagement farming?

This article was written by an LLM.

I get that the author might be self-conscious about his English writing skills, but I would still much rather read the original prompt that the author put into ChatGPT, instead of the slop that came out.

The story - if true - is very interesting of course. Big bummer therefore that the author decided to sloppify it.

David, could you share as a response to this comment the original prompt used? Thanks!

> Last week, I got a LinkedIn message

Are there any moderators left at LinkedIn?

The pseudonym "Mykola Yanchii" on LinkedIn [1] doesn't look real at all.

Click "More" button -> "About this profile", RED FLAGS ALL OVER.

-> Joined May 2025 -> Contact information Updated less than 6 months ago -> Profile photo Updated less than 6 months ago

Funny things, this profile has the LinkedIn Verified Checkmark and was verified by Persona ?!?! -> This might be a red flag for Persona service itself as it might contain serious flaws and security vulnerabilities that Cyber criminals are relying on that checkmark to scam more people.

Basically, don't trust any profile who's been less than 1yr history even though their work history dated way back, who has Personal checkmark, that should do it.

[1] https://www.linkedin.com/in/mykola-yanchii-430883368/overlay...