Graduation day from First Romanian Solana Program! My diploma is an NFT, my student loan is in USDC, and my brain is 80% memes. Thanks again to @_danielpavel @cometsofweb3_ and Andrei!

Just wrapped up a full redesign of the profile page in my app 👇.Cleaner layout, better UX, and mobile-first updates. Took a lot of community feedback into account. Would love yours too. Thanks and Cheers 🥂

6/.Help protect others. Share this with devs, especially in web3 and blockchain. These scams are getting smarter, and they’re targeting people who move fast. Stay sharp. #devtips #javascript #web3 #scamalert #malware.

5/.The takeaway:.Even if the top of a script looks clean, scroll the whole file before you try it on your local machine. Check every line. Look for whitespace tricks, scrambled code, or weird package usage. This isn't paranoia, it's basic self-defense in 2025.

4/.🔥 What this hidden script actually does:.- Scrambles the code to hide its true purpose.- Collects info about your system (like username, OS, machine name).- Constructs a download link using hidden pieces of text.- Pulls a second malicious file from an external server.- Saves.

3/.Scroll to the right and there it is. Hidden behind hundreds of empty or whitespace lines: a wall of scrambled code. This is how they get you. If you’re not inspecting the full file, you’ll miss it entirely.

2/.But something felt off. So I checked the bottom scroll indicator. Why is this tiny file scrollable for hundreds of lines? 🤔.Time to dig.

1/.At first glance, this file looks totally normal. No red flags, no sketchy logic, just a basic Node.js setup. Looks fine, right?

Did a deeper dive into the actual code behind one of these "too good to be true" scam jobs. Here's how they trick you visually, and what the hidden script really does. Thread 🧵👇.

8/.Have you seen similar tactics? Let’s raise awareness. Reply with your experience or retweet this thread so other devs don’t get caught off guard. Stay safe out there. #web3 #blockchaindev #devtips.

7/.If it feels off, block and report the sender. These scams are designed to exploit your ambition and curiosity. Stay cautious. Run nothing you don’t trust.

6/.⚠️ Dev tip:.Always inspect every dependency before running unfamiliar code. If you see weird 0.0.x packages or anything you don’t recognize, google it or stop immediately.

5/.These packages are often used to smuggle in malicious payloads. Sometimes the code is hidden with long whitespace or buried in obfuscated logic that runs when you install or execute.

4/.I saw this twice in the last day on Upwork. Both times, they sent Bitbucket links. Once I checked the project, I noticed red flags in the package.json file:.- fs@0.0.1-security.- execp@0.0.1.

3/.They send a GitHub or Bitbucket repo. You're told to clone it and run the app locally to “evaluate compatibility.”.This is where the danger starts.

2/.The scam starts with a DM on X, LinkedIn, Telegram, or Upwork. They offer $150/hr or $20k/month for a long-term project. Sounds amazing, right?.Then comes the "quick technical assessment.".

1/.🚨 Devs, beware: a wave of scam job offers is targeting blockchain & web developers. They promise huge pay, then ask you to run shady code from a repository that most of the time has maximum 5-6 commits. Here’s how it works (and how I nearly fell for it) 🧵.

We just dropped a juicy one on @superteam Earn 👇.If you're vibing with NFTs and a daily cup of coffee (or something stronger). @cheersupSOL is for you. ✅ Make a profile.✅ Post your profile.✅ Mention your combo.✅ Bring your crew.Let’s link Solana one sip at a time →.

This was one of my best experience so far. 👀.

It’s my birthday today, but we cooking the Budapest after movie and we Cheers! 🥂