Tell HN: FluenceLabs are pushing out crypto tokens to FOSS devs, unclear if scam
10 comments
Definitely a scam. This issue was recently created in the repository the email mentions:
https://github.com/fluencelabs/dev-rewards/issues/141
stay away!!!
https://github.com/fluencelabs/dev-rewards/issues/141
stay away!!!
hadn't heard of this project before, but their github does include instructions on how to claim it even in a network-less dedicated docker container if you're truly paranoid.
https://github.com/fluencelabs/dev-rewards/blob/main/MANUAL_...
https://github.com/fluencelabs/dev-rewards/blob/main/MANUAL_...
I wouldn’t trust it. I got the same email as OP and checked it out. I suspect they somehow embed the user’s private key in the output “proof” so that they can then start pushing malicious code to all your GitHub repositories. I wasn’t able to confirm that this is what actually happens, but it is definitely fishy.
If they genuinely wanted proof of account ownership there are other ways to do it. OAuth, for example.
If they genuinely wanted proof of account ownership there are other ways to do it. OAuth, for example.
> I suspect they somehow embed the user’s private key in the output “proof” so that they can then start pushing malicious code to all your GitHub repositories.
> I wasn’t able to confirm that this is what actually happens
So it's a baseless accusation, you can see exactly what happens.
> I wasn’t able to confirm that this is what actually happens
So it's a baseless accusation, you can see exactly what happens.
"baseless accusation" is wild. have you not observed the result of 99.999999999999999999999% of emails that randomly tell people you are eligible for receiving some token allocation?
Use the web version. It seems it never touches the private key.
from the issue ive found it seems like they're interested in harvesting SSH keys.
https://github.com/fluencelabs/dev-rewards/issues/141
https://github.com/fluencelabs/dev-rewards/issues/141
Idk if this email is a scam but Fluence is a legit project.
I dk fluence but if it's legit then it's unfortunate they've been used a pawn by the bad actor(s) attempting this scam. I linked to this issue in my reply but here it is again
https://github.com/fluencelabs/dev-rewards/issues/141
https://github.com/fluencelabs/dev-rewards/issues/141
I guess I have to ask. This is a crypto scam, right? One that requires you to sign with the same SSH keys you use in Github?