Forward the Original Title‘Crypto job scams: How hackers trick applicants and how to stay safe’

Scams & Hacks

Key takeaways

• Fraudsters impersonate legitimate companies on LinkedIn, Telegram, and job boards, promising high-paying remote positions to steal money and personal data.
• Scammers demand processing fees, push fake training programs, or trick victims into downloading malware disguised as onboarding software.
• High-profile scams, such as GrassCall and fake CrowdStrike recruiters, show how scammers use phishing and malware to steal crypto assets.
• Recognizing red flags like payment requests, rushed hiring processes, and unverified company details can help job seekers stay safe.

The rapidly growing cryptocurrency market, combined with the rise of remote work culture, has created a fertile ground for job scams. Scammers prey on hopeful applicants with promises of high-paying remote positions. They lure the applicants into scams that steal their funds and personal data, using sophisticated tactics to deceive the victims.

Job scams have proven highly effective, which explains why thousands of people continue to fall victim to them. Chainalysis revealed that daptonerecordsmusicalbums[.]com, a fraudulent job site pretending to be a record label, amassed more than $300,000 in Bitcoin BTC $83,271 and Ether ETH $1,908 in just two months. Another deceptive website outlierventures-app.com received 362 deposits over a single week totaling $95,000.

This article will explore common crypto job scams, how hackers cheat unsuspecting applicants and key warning signs. It also shares tips to protect yourself from falling victim, ensuring your job search remains scam-free in the crypto space.

What are crypto job scams?

Crypto job scams are fraudulent schemes where scammers pose as legitimate employers in the cryptocurrency industry to deceive job seekers. Promising high-paying remote jobs that require minimal effort, they trick applicants into sharing personal data, paying upfront fees or downloading malware disguised as onboarding software.

Fraudulent crypto job scammers often use phishing emails or fake job postings on platforms like LinkedIn and Telegram to scam their victims. Once victims fall for the scam, they may lose funds, have their crypto wallets drained or unknowingly install spyware.

The scamsters may impersonate established companies and lure targets for fake reviews of store applications, products, streaming music or hotels. For instance, they may position themselves as recruiters of TikTok, hiring for product and purchasing reviews.

Did you know? Binance suffered major losses due to phishing scams, with September 2024 alone seeing approximately $46 million stolen through fake customer support. Over Q3, these scams targeted roughly 11,000 users monthly, resulting in a total loss of $127 million.

How do crypto recruitment scams work?

Recruitment scams in the crypto industry often trick job seekers into paying money under false pretenses. Scamsters usually lure people with promises of simple online tasks, such as booking travel or watching advertisements in exchange for income.

Here are a few common ways of how crypto recruitment scams work:

• Demand of upfront fees: A common tactic involves requesting upfront fees for processing applications, conducting background checks or covering travel expenses. They may simply steal the money without providing any legitimate job opportunities.
• Fake training or certification programs: Another method is fake training or certification programs, where job seekers are asked to pay for courses of poor quality or nonexistent. These “courses” are designed solely to extract money.
• Counterfeit checks: Scammers ask you to deposit into an account while giving you a counterfeit check that they ask you to deposit to get back a portion of the funds. Later, you find the check fake and lose the money you paid as a deposit.
• Money transfer: Fraudsters request payments in crypto or fiat for access to work or as processing fees. They often operate on a tiered membership system, requiring upfront payments for higher levels, which help you “generate” more earnings. Once you send the money, they simply disappear.

• Sending malicious files: Malicious actors may attach harmful files to the “recruitment” emails they send to you. Unknowingly, you may install malware on your device, putting your digital assets at risk. For instance, they may ask you to download a fraudulent video conferencing app, acting as spyware, to arrange an interview with their CEO.

Did you know? California’s financial regulator warns of seven new types of crypto, AI scams. These include fake BTC mining schemes, where fraudsters offer fake investments in mining and fake crypto gaming schemes, where users deposit funds only to have their wallets drained.

How fake crypto job scams reel you in with a 7-step process

Understanding the hiring process will help you distinguish real opportunities from fraudulent schemes. Here is the process of hiring for fake cryptocurrency jobs, though it might work a bit differently for each:

• Step 1: Job posting – Scammers create professional-looking job listings on job boards and social media, often advertising high-paying roles in crypto trading, investment analysis and development. They put up postings as remote work options to lure a global audience.
• Step 2: Initial contact – Once a candidate applies, scammers respond quickly. They may use fake company websites and social media profiles to appear credible. Sometimes, they may also contact victims, pretending they are looking for candidates for a position.

• Step 3: Request to register – After the victim accepts the job offer, the scammer directs them to a fake website. Often, they share a referral code for the candidate to use when signing up. The website content remains inaccessible until the victim registers, concealing its malicious nature.

• Step 4: Requesting “training” fees – The scammer introduces mandatory training or access to exclusive trading tools, requiring applicants to pay a fee, usually in cryptocurrency. They may also request that the victim install a malicious app or download a fraudulent file.

• Step 5: Pressure tactics – To rush decisions, scammers claim limited spots in the training program or offer special discounts, pressuring applicants to pay quickly without verifying the job’s legitimacy.
• Step 6: Assigning fake tasks – After receiving payment, scammers may assign meaningless tasks such as clicking on advertisements or doing data entry on the company’s platform.
• Step 7: Disappearing act – Once the victim has sent money, the scammer becomes unresponsive and disappears entirely, leaving the job seeker without a job or funds.

How fraudsters use fake tasks and deposits to trap victims

Crypto job scams operate by gradually luring victims into depositing money under the guise of earning easy profits. Scammers often present seemingly legitimate tasks, such as clicking ads, submitting reviews, booking hotels or placing product orders. The specific tasks vary based on the platform’s theme, but the core tactic remains the same — victims must complete repetitive actions, like clicking buttons, to earn money.

Victims are usually required to complete 30-50 clicks per job session, following instructions from a so-called “supervisor.” Initially, scammers may allow a small withdrawal to build trust. However, they soon encourage victims to deposit more funds to access higher-paying assignments. The scammer will ensure that withdrawals never exceed the total deposited amount, keeping victims engaged with a fake commission balance.

Scammers may introduce a fake “lucky” event to further exploit victims, claiming the user has unlocked a bonus-earning opportunity. However, to continue, the victim must deposit additional funds. At some point, an “error” will prevent further actions, with the scammer pushing for even higher deposits to resolve the issue. Many unsuspecting users fall into this trap, ultimately losing all their money to the fraudsters before realizing the deception.

Some crypto job scams use large group chats on platforms like Telegram or WhatsApp. These chats are filled with fake accounts that pressure victims, boast about fabricated earnings and manipulate them into depositing larger accounts, a tactic quite closely resembling pig butchering scams.

Real-world examples of crypto job scams

Crypto job scams have become a nuisance for job seekers and genuine recruiters. Here are a few real-world examples of crypto job scams:

1. GrassCall malware campaign

On Feb. 26, BleepingComputer reported that scammers used a malicious meeting app called “GrassCall” to target Web3 job seekers through fake job interviews. The app installed information-stealing malware designed to steal passwords and wallet credentials. The campaign affected hundreds of job seekers, with some victims reporting their wallets were drained.

The attack was orchestrated by “Crazy Evil,” a cybercrime group specializing in social engineering tactics. They deceived users into downloading malicious software by promoting fake job opportunities and blockchain-related games on social media.

The scammers created a fictitious company called “ChainSeeker.io” with a website and social media presence on X and LinkedIn. They even posted premium job listings on LinkedIn, WellFound and CryptoJobsList platforms.

Applicants were sent interview invites instructing them to contact a fake chief marketing officer (CMO) via Telegram. The CMO would then direct them to download “GrassCall” from “grasscall[.]net,” which offered tailored downloads for Windows or Mac users.

Cybersecurity researcher g0njxa discovered that GrassCall was a clone of another fraudulent platform, Gatherum. The malware installed included remote access trojans (RATs) and info-stealers like Rhadamanthys for Windows and Atomic Stealer (AMOS) for Mac, which are designed to extract sensitive information and cryptocurrency assets.

Attackers upload the stolen data to their servers and the information is shared in cybercrime Telegram channels. When they find a crypto wallet, passwords are brute-forced, assets stolen and payments issued to those who successfully tricked victims into downloading the software.

After the report’s publication, CryptoJobsList removed the fraudulent listings and advised applicants to scan their devices. The “GrassCall” site has since been taken down, but attackers have pivoted to a new campaign called “VibeCall.”

Did you know? If a game you installed turns out to be malware, immediately disconnect your internet and turn off your device. To safeguard your assets, transfer cryptocurrency and recovery phrases from the compromised device to a secure location using a clean alternative device.

2. Fake CrowdStrike recruiter

In Feb. 2025, CrowdStrike, a cybersecurity firm, identified a phishing campaign where scammers impersonated the company to trick job seekers into downloading a Monero cryptocurrency miner (XMRig).

The scam began with an email from a fake CrowdStrike recruiter thanking applicants for applying for a developer role. The email invited them to download a supposed “employee CRM application” from a fraudulent website resembling the official CrowdStrike portal.

The website (“cscrm-hiring[.]com”) offered Windows and macOS versions of the fraudulent tool. Once downloaded, the application performed checks to ensure it was not working in the analysis environment. For this purpose, it verified system details like process numbers, presence of debuggers and CPU core count.

Once the victim was found conducive to infection, the tool displayed a fake error message, claiming the installer file was corrupt. Meanwhile, it fetched a configuration file to run XMRig in the background, downloaded the miner from GitHub, and installed it in the “%TEMP%\System” folder.

The malware added a batch script to the start menu startup directory and modified the system registry. The miner ran in the background using minimal processing power (10%) to avoid detection.

3. Recruitment via informal channels

A Binance Square post on June 25, 2023, discussed fraudsters using WhatsApp to contact a person they called Mark, offering him a high-paying part-time job (~1000 USDt per week), with payments made through an encrypted wallet. The caller claimed they were working for a London-based digital marketing firm. The job offered minimal skills, had flexible rules and only required a cell phone.

Impressed, Mark followed the recruiter’s instructions and created an account on their platform. He was then asked to deposit 500 Tether to receive his first 40 assignments. Trusting the process, Mark transferred the funds and completed the tasks. However, the platform blocked him when he attempted to withdraw his money. The recruiter then demanded an additional 1,000 USDt to release his funds.

At this point, Mark realized he had fallen for a scam.

Another Binance Square post warned that ‘www.travelsunrise.work’ is a fake job website. Binance took swift action by locking down the fraudulent address, preventing users from incurring losses.

Psychological reasons for victims falling prey to crypto job scams

Crypto job scams exploit psychological biases to trap victims into making payments they wouldn’t otherwise consider. At first glance, paying a company to earn money seems absurd. However, scammers thrive on emotions, financial desperation and behavioral tendencies to manipulate their targets. Three key psychological mechanisms make victims fall for these scams:

• Sunk cost fallacy: People are reluctant to abandon something they have invested time or money in, even when the outcome is negative. A victim who has already deposited funds and completed a string of tasks may feel compelled to continue, hoping to eventually recover their losses.
• Principle of reciprocity: Scammers create a false sense of obligation. They may display a “negative balance” to the victim, making it seem like they are doing them a favor. This manipulates the victim into repaying the favor by depositing more money when prompted.
• Loss aversion: The fear of losing money is often stronger than the excitement of gaining it. Victims see their account balance growing on the scam platform, even though it is fake. They fear losing their “earnings” and are willing to pay additional fees to unlock or withdraw their money, not realizing the funds are never accessible.

These tactics create a powerful psychological trap, making victims feel they must continue paying into the scam. Unfortunately, by the time they realize the deception, they have often lost significant sums with no way to recover them.

How to avoid crypto job scams?

Here is how you can protect yourself from crypto job scams:

• Verify job offers: Before responding to any crypto-related job offer, confirm its legitimacy. Check the company’s official website, LinkedIn page and other verified social media platforms. Contact the company’s HR department to verify the recruiter’s identity if unsure.
• Be cautious of unsolicited offers: Scammers often reach out through emails, social media or direct messages with fake job offers. Be skeptical of any unexpected job proposal, especially if you have never applied.
• Never pay upfront fees: Legitimate employers will never ask you to pay for training, equipment or onboarding costs. It is a red flag if a job requires you to send money or cryptocurrency upfront.
• Use scam detection tools: If you consistently receive crypto scam messages, you could use online crypto anti-scam tools that deploy strategies like transaction monitoring, behavioral analytics and AI-driven fraud detection to combat scams.
• Be cautious of “too good to be true” offers: Avoid unrealistic offers. For instance, the offer of ~1000 USDt per week to Mark was baffling. Also, legitimate companies won’t ask you for funds in return for more money.

What to do if you have been scammed in a fake job scam

If you have fallen victim to a phony crypto job and recruitment scam, here are the steps you need to take:

• Step 1: Stop all communication with scamsters – Immediately cut off all contact with the scammer. Do not reply to their messages or follow any further instructions.
• Step 2: Gather evidence – Save all messages, emails and transaction records related to the scam. These details can be crucial when reporting the incident to the authorities.
• Step 3: Report the scam – Inform your local authorities and any relevant regulatory bodies. For instance, if you are a victim of a cryptocurrency job scam in the US, you should report it to the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) or contact your local cybercrime unit.
• Step 4: Contact your bank – If you have shared financial details or made payments, notify your bank or payment provider immediately. It may help prevent further financial losses.
• Step 5: Secure your online accounts – Change passwords for all important accounts and enable two-factor authentication (2FA) to protect against unauthorized access.

The future of crypto job scams: How AI is shaping the threat

Crypto job scams are likely to become more advanced as scammers use more sophisticated technology and refine their tactics. In the future, they might use AI-generated deepfake recruiters that pretend to be from actual companies and even conduct video interviews that look real. Phishing emails may also become more competent, with scammers using AI to dig into the target’s online activity and create fake job offers that look personal and more relevant.

To stop these scams, better monitoring and comprehensive awareness campaigns are needed. Social media platforms and job websites should strengthen their verification processes to ensure only genuine companies can use these platforms. Training institutes need to teach their students how to recognize fraud.

Blockchain tracking tools can help regulatory and law-enforcing agencies detect and flag suspicious transactions, making it harder for scammers to steal money. AI-based fraud detection can catch fake job ads and scam messages.

Finally, lawmakers should centralize crypto scam reporting (especially in the US) under a single authority to better protect victims. Currently, multiple agencies handle these cases, resulting in a fragmented system. Strengthening international cooperation between these agencies is essential to effectively curb fake crypto job scams.

Disclaimer：

1. This article is reprinted from [CoinTelegraph]. Forward the Original Title‘Crypto job scams: How hackers trick applicants and how to stay safe’. All copyrights belong to the original author [Dilip Kumar Patairya]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.