Beware of fake 1inch recruiters on LinkedIn

A growing scam trend involves attackers creating fake LinkedIn profiles impersonating recruiters from well-known crypto and Web3 companies, including 1inch.

You receive a LinkedIn message from someone claiming to be a recruiter at 1inch. The profile looks credible. The opportunity sounds real. The conversation flows naturally.

Then something feels off.

Because the person you’re talking to has nothing to do with 1inch.

This scenario is becoming increasingly common - not just for one company, but across the entire industry. Scammers are targeting developers, researchers and Web3 professionals by impersonating trusted figures and organizations.

When trust becomes the attack vector

These actors rarely present themselves as obvious fraudsters. Instead, they position themselves as people you would normally trust: recruiters, engineers, executives, even journalists.

Their goal is not to trick you immediately, but to build just enough credibility to lower your guard.

Once that happens, the interaction starts to look like a legitimate hiring or collaboration process.

How it usually unfolds

It often begins with a simple connection request from someone claiming to work at a well-known company. After a brief exchange, they introduce an opportunity - a role, a collaboration or an interview.

The conversation may move to a call or continue across different platforms. Everything appears routine. Then comes the “test task.”

You are asked to complete an assessment. It may involve cloning a GitHub repository, running code locally or downloading certain files and dependencies.

At this point, the attack is already in motion.

What looks like a standard technical task may actually contain malicious code designed to steal credentials, extract private keys or compromise your device and accounts.

Why these scams feel real

What makes these attacks effective is the level of coordination behind them.

Scammers often create entire networks of fake profiles that interact with each other, endorse one another and simulate real teams. In some cases, they even use compromised accounts belonging to real people to appear more trustworthy.

They may target individuals who are already connected to the company or active in the industry, making the outreach feel relevant. Conversations are often moved across platforms - from LinkedIn to Telegram to Zoom - to reinforce the illusion of legitimacy.

By the time the “task” appears, the setup already feels convincing.

Subtle warning signs

There are usually small inconsistencies, but they’re easy to overlook.

A profile might have limited activity or a recently created history. Work experience may be vague or inconsistent. The profile photo might look a bit generic or AI-generated.

The interaction itself may feel slightly rushed. You may be encouraged to act quickly, skip steps or move outside official channels. And, most importantly, you may be asked to run code or download files without proper context or verification.

Individually, these signals might not seem significant. Together, they form a pattern.

Staying safe in practice

The most effective protection is also the simplest: don’t run code you don’t trust.

Before engaging further, take a moment to verify the person. Check their profile history, connections and activity. Cross-check their identity through official company channels if possible.

Be especially cautious with unsolicited offers and take-home tasks from unknown recruiters. If something requires you to download files, execute code or join calls via unfamiliar links, treat it with skepticism.

Legitimate companies follow structured hiring processes. They don’t normally require urgency, and they don’t ask candidates to execute unknown code without clear context.

If you encounter a scam

If you suspect something is wrong, stop immediately. Do not download or run anything. End the conversation and report the profile on the platform where the interaction started.

If you identify coordinated fake accounts, consider warning others. These scams often rely on scale and repetition.

A simple rule

In Web3, where code is often the interface to value, trust becomes a critical vulnerability. If something feels off, it probably is.

Learn more about avoiding crypto/Web3 scams in this Help Center article.