Crypto users across X have turned fake Web3 job scams into a viral joke after reports of recruiters using LinkedIn, Telegram, and fake GitHub projects to target developers, traders, and blockchain workers.
🤣 you would be surprise how many people fall for “crypto interview hacking” like this. Seen a few in my times already.
— CZ 🔶 BNB (@cz_binance) May 25, 2026
The trend gained attention after Binance co-founder Changpeng Zhao reacted to a satirical post from investor Anndy Lian claiming he had landed a CEO role at a crypto unicorn project worth $44,000 per month after installing “verification software” during an interview.
The joke ended with an impossible start date of June 31, mocking a scam format that has become increasingly common in the crypto industry. Zhao noted that many users still fall victim to similar “crypto interview hacking” schemes, particularly those circulating on LinkedIn and Telegram.
Just got hired as the CEO of a crypto unicorn project.
$44k/month.
HR reached out on Linkedin.
During the ZOOM interview, they installed their verification software on my laptop.
Excited to start on the 31st of June, wish me luck.
— Anndy Lian (@anndylian) May 24, 2026
Fake recruiters use high-paying crypto jobs as bait
The discussion quickly spread across crypto communities as traders and developers shared similar experiences using sarcasm to expose the scams.
Posts joked about receiving $54,000 monthly community manager offers or being asked to connect wallets and share passwords for “verification.”
Behind the humour, however, is a growing cybersecurity concern. Attackers have increasingly used fake job offers to push malware, wallet drainers, remote access tools, and credential-stealing software. Victims are often crypto developers, traders, and blockchain employees who may hold digital assets or have access to sensitive systems.
GitHub repositories emerge as a new attack route
Many of these scams reportedly begin on LinkedIn or Telegram before moving victims toward GitHub repositories, software downloads, or fake wallet verification requests. Warnings about suspicious interview projects have circulated for months across Reddit and security communities.
Developers have reported receiving interview invitations tied to high-paying crypto roles, only to be asked to download and run GitHub-hosted files locally. Security-conscious users have since advised running unknown projects only in isolated environments such as virtual machines or Docker containers.
Just last week, CZ urged developers to immediately review and replace exposed credentials following reports that hackers may have gained access to GitHub repositories during an ongoing security incident involving the developer platform.
Crypto sector faces rising social engineering threats
The rise in fake recruitment schemes highlights a broader social engineering problem facing the crypto sector. Social engineering has become the primary method for attacks in the crypto space, according to AMLBot’s 2025 investigation. The firm reviewed about 2,500 internal cases and found that 65% were due to compromised devices, weak verification, or delayed detection, rather than issues with blockchain code or smart contracts.
Attackers are increasingly relying on social engineering tactics like chat scams, impersonation schemes, and phishing links instead of looking for code vulnerabilities.
Enjoyed this? Bookmark DeFi Planet, explore related topics, and follow us on Twitter, LinkedIn, Facebook, Instagram, Threads and CoinMarketCap Community for seamless access to high-quality industry insights
Take control of your crypto portfolio with DEFI PLANET PRO, DeFi Planet’s suite of analytics tools
