Hackers Use Fake LinkedIn Jobs to Steal Crypto Developer Code Pipelines
Share:
Security firm Wiz says an actor named JINX-0164, tracked since mid 2025, uses fake LinkedIn recruiters to install AUDIOFIX malware on crypto developer machines and harvest GitHub tokens to inject malicious code into development pipelines. On April 7 the group trojanised the npm package velora-dex/sdk to backdoor DeFi projects and DEX tooling, underscoring acute supply chain and security risks for crypto infrastructure, token launches, fundraising and CEX/DEX operations.
Predictions Markets
See what traders are focused on
- JINX-0164 uses fake LinkedIn recruiters to install AUDIOFIX malware on developer machines.
- Attackers harvest GitHub tokens to inject malicious code directly into development pipelines.
- Group trojanised npm package velora-dex/sdk on April 7 distributing backdoor to crypto devs.
A previously undocumented threat actor is systematically targeting cryptocurrency developers through fake LinkedIn recruitment campaigns, installing custom malware on their computers and then using that access to compromise the company’s entire software development infrastructure.
Security firm Wiz has named the group JINX-0164 and has been tracking it since at least mid-2025. The group has conducted multiple successful intrusions against cryptocurrency organisations, in at least one case attempting a full supply chain attack by distributing malicious code through a widely used public package…
Read The Full Article Hackers Use Fake LinkedIn Jobs to Steal Crypto Developer Code Pipelines On Coin Edition.
Predictions Markets
See what traders are focused on
Share:
Predictions Markets
See what traders are focused on
Share:
Read More
Bitcoin, ether eye worst weekly rout since FTX collapse as cryptos shed $390 billion
