The Reality of Fake Developers in Crypto and Web3
- Posted: 17.04.24
In an industry that thrives on innovation and precision, the presence of fake developers is akin to finding a glitch in a meticulously coded program. Imagine hiring what seems to be a skilled developer, only to discover their expertise is as authentic as a photoshopped image on a resume.
Sadly, we’ve seen this very scenario before; up to 10% of the applications we receive are from fake devs. And when we posted something about it on LinkedIn recently following the Munchables hack, the responses quickly let us know that lots of others have also.
The consequences of fake devs? Delayed projects, squandered resources, and a tarnished reputation.
Let’s dig a little deeper into fake devs, explore their implications, and discuss strategies to mitigate the risks – for real devs and the companies who want to hire them.
What is a “Fake Dev”?
A ‘Fake Dev’ is simply a person (or persons) acting under an assumed identity or fraudulent LinkedIn profile to secure jobs within the tech and blockchain space.
These people are essentially scammers: you think you’re hiring John Smith, Rust developer from a top-20 DeFi protocol, when the actual truth is much more sinister.
Typically the fake dev (or fake devs) run this scheme on 100s or even 1000s of job applications per month. They secure multiple development contracts or permanent positions, deliver average or sub-par work, and aim to collect at least a month’s wages before being spotted and promptly fired.
It sounds fantastical – but imagine you did this and secured 5/100 positions per month. That’s 5 monthly salaries on a 5% return. And these aren’t cheap salaries, either – many are asking for salaries in the 10k per month range. Potentially, a fake dev could make upwards of 50k per month – not bad for a few weeks work!
Making the scam even worse, often these false actors run in ‘Dev Shops’ – sites with 10 or more developers in a room. Some will be working on projects they’ve already been hired for, some are scouting for hiring managers/recruiters to dupe; all in the same room, at the same time!
In fact, the dev you chat to may not even be the dev who ends up working on your project. Dev shops also tend to work in a syndicate controlled by a centralised, higher power..
Why Do Fake Developers Exist?
There can be a myriad of reasons why people choose to operate in this fashion. From a relatively innocent just-trying-to-get-by to the more sinister options – we regularly hear stories of protocols and companies hiring what they think are legitimate developers but who are actually criminals, opening them up to various hacks and exploits.
The tech industry’s insatiable appetite for talent has inadvertently fueled this dilemma. With high stakes and even higher rewards, there are at least three potential motivations for fake developers:
- Increased wages: The mildest form of the fake dev is the applicant who invents positions in his previous work experience. It’s easy enough to add “Senior Developer at Startup X” to your resume, and invent a few connections to support your claim.
- Wage fraud: A more extreme form of fake dev is the applicant who fabricates all or part of a resume and then works multiple jobs, often at the same time, claiming any initial wages while doing very little work.
- Scams: Fake devs stealing wages is its own type of scam, but there’s also the potential for malicious actors to creep into a company as a fake dev. In the worst-case scenario, these fake devs can create backdoors or learn weaknesses that they can exploit later.
What are the implications for the hiring team?
Whilst it may seem like a minor inconvenience at first – okay, we hired someone who wasn’t who we thought they were, but if they do the work, what does it matter? Unfortunately, it’s not that simple. Hiring a false actor can have severe ramifications for companies trying to run legitimate businesses.
If you hire someone you believe to be working in America, for example, but later find out they are based in China – this can cause issues and illegitimacy around taxes and financial reports that the company publishes. It also impacts how they pay their employees, as well as issues involving interactions with counterparties based in countries that are sanctioned (Russia, North Korea, Iran) which is obviously illegal.
More so, it’s not ideal to be duped into hiring a team of average-level developers when you were looking for one superstar. More often than not, despite completing some work remotely, these false actors are unlikely to show up to meetings, stand-ups, respond to emails, engage with other team members or contribute to the project in any way other than basic code. This does nothing to contribute to the success of the project itself and can create more problems than it solves.
To sum it all up:
- Project Failures: Fake developers can lead to critical errors and delays, jeopardizing entire projects.
- Financial Losses: The cost of hiring, training, and then rectifying the mistakes of fake developers can be astronomical, especially for startups and smaller companies.
- Distrust and Demoralisation: Often, genuine team members end up shouldering more of the burden in the wake of a fake dev’s hiring (or firing), damaging team cohesion.
- Operational and Reputational Damage: Being caught with fake devs is bad enough; being the target of a scam is even worse. The recent Munchables hack resulted in losses of roughly $63 million from a similar scam.
Identifying Fake Developers
So how do you spot a fake developer? In short, learn to look for warning signs, and then take the time to verify candidates. These are all preliminary steps, long before we get to the point of matching candidates to particular jobs.
At Plexus, we tend to notice the same warning signs with fake devs:
- Generated background on video calls that conceals actual location
- Poor communication skills combined with bad connectivity issues; as one recruiter states,
“I always make sure to get developers on a face-to-face Zoom or Google Meets interview. If they have their face super close to the camera and have a background filter to hide others, they’re likely fake and probably working in a Dev shop somewhere.”
- Lack of awareness or knowledge about the location they claim to be from (e.g – a fake claiming to be from Stockholm being unfamiliar with the Royal Palace, or someone claiming to be in New York having no idea what Times Square is)
- Generic email address/usernames (e.g CryptoDev267)
- Insistence on freelance agreement, even if the hiring company is directly based in the same country as they claim they live in
- Incessant background noise (typically typing/talking from other devs in the room)
- Unknown or genuinely fake projects listed on CV that lead to dead links
- Inability to explain in detail what technologies they have worked with beyond some simple googling
- Asking for a standard salary; for some reason, fake devs always seem to want $10k per month
Verification Steps
At Plexus, the verification process involves a number of steps
- Audio and visual checks
- Verification through our network
- Deep dives into technical platforms and social media
- Social verification
We verify candidates the old-fashioned way first – talking to them by video and getting “eyes-on” to make sure that there’s a living, breathing person behind the PDF resume that popped into our inbox.
After that, years of working in the space has given us numerous contacts all over the globe who we can talk to and ask questions. Do they know the candidate? Is there someone in our network who worked at one of the previous locations the dev listed in their resume? These are great ways to weed out fake devs.
Github, Telegram channels, Discord – following up on candidates’ work on those platforms can be a quick way to verify quality developers with a lengthy history in the space. There’s also a basic level of social verification that works, assessing a dev’s social and cultural background, social media profiles, and more.
Avoiding the Fake Developer Label
What about employees?
If you’re just starting out in the space, you might be concerned that you could accidentally look like a fake dev. You’re probably worried for nothing – true fake devs are in a category of their own.
But to avoid any confusion, here’s some steps to follow, per our own Lauryn Ifill, a delivery consultant here at Plexus:
- Keep your CV clear and concise
- Links to any projects you’ve worked on (dead links are always a red flag, especially in crypto where fake dead projects can be spoofed easily)
- Github access (the more contributions the better)
- Updated LinkedIn profile with active use
- Interactions with people in the space – Crypto is a who’s-who most of the time, chances are if you interact with people in projects/communities you enjoy, people will recognise you as a contributing figure
Legal and Ethical Considerations
While embellishing skills might seem like a grey area, crossing into outright deception for personal gain veers into unethical and potentially legal territory. Companies must also reflect on their hiring practices to ensure they are not inadvertently encouraging this behaviour.
Developing Authenticity
There’s a persistent problem with bad actors in the crypto and web3 spaces, and fake devs are just one aspect of that problem. Fortunately, fake devs can be detected easily with appropriate due diligence. Plexus makes that due diligence part of our overall recruitment process, and we know what to look out for. That can be harder for smaller startups or new projects that don’t have extensive connections or resources.
At Plexus, we are committed to in-depth screening of candidates we interact with in our network. All of our consultants are educated on what red flags to look out for when dealing with technical candidates across the globe, and generally, we’re pretty good at spotting a fraud.
It’s always a benefit to work with a trusted and legitimate talent or staffing partner or organisation who will easily spot and identify false actors before their CV makes it to your inbox. Without a recruitment partner, the responsibility to vet and screen these candidates falls on hiring teams, who may not be as accustomed to spotting fakes – especially whilst working to fill roles quickly.
By implementing rigorous hiring practices and nurturing a culture of honesty, companies can protect their projects, people, and reputation, ensuring that the only thing fake in their environment is the placeholder data in their test databases.
If you’d like to avoid any confusion around hiring, drop us an enquiry and let us do the rest!
Written by
Lauryn Ifill
Senior Consultant