Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Tell HN: FluenceLabs are pushing out crypto tokens to FOSS devs, unclear if scam
7 points by tetris11 on July 11, 2024 | hide | past | favorite | 9 comments
I got an email this morning reading:

    > Hello, tetris11
    >
    > I'm writing in regards to your github profile.
    > Fluence Network have been awarding their tokens to developers
    > who have made commits to open source web3 repositories in
    > 2023.
    >
    > According to my research, your GitHub profile is eligible to
    > claim <number> FLT tokens due to your web3 contributions.
    
    > As of the current market value, these tokens are approximately
    > worth $<value>. Please, note that you can exchange them for Ethereum
    > or USD in two months after claiming them. These  tokens can be
    > exchanged on any exchange platform.

    > For verification and to claim your tokens, you can visit Fluence's official Twitter profile:
    > https://x.com/fluence_project/status/1775354001955151999 where
    > they have posted the official claim link. Also you can find some
    > instructions on their GitHub repo: fluencelabs/dev-rewards
    
    > If you do collect your tokens, it would be appreciated if you
    > could share a percentage with me as a finder's fee. My Eth
    > wallet address: <some long hex>
    
    > Feel free to reach out to me on my social networks -  telegram:
    > @<sometelegram>, twitter: @<sometwitter>, primary email address: <someemail>@gmail.com
    
    > best regards
    > <NAME>
I guess I have to ask. This is a crypto scam, right? One that requires you to sign with the same SSH keys you use in Github?


Definitely a scam. This issue was recently created in the repository the email mentions:

https://github.com/fluencelabs/dev-rewards/issues/141

stay away!!!


hadn't heard of this project before, but their github does include instructions on how to claim it even in a network-less dedicated docker container if you're truly paranoid.

https://github.com/fluencelabs/dev-rewards/blob/main/MANUAL_...


I wouldn’t trust it. I got the same email as OP and checked it out. I suspect they somehow embed the user’s private key in the output “proof” so that they can then start pushing malicious code to all your GitHub repositories. I wasn’t able to confirm that this is what actually happens, but it is definitely fishy.

If they genuinely wanted proof of account ownership there are other ways to do it. OAuth, for example.


> I suspect they somehow embed the user’s private key in the output “proof” so that they can then start pushing malicious code to all your GitHub repositories.

> I wasn’t able to confirm that this is what actually happens

So it's a baseless accusation, you can see exactly what happens.


"baseless accusation" is wild. have you not observed the result of 99.999999999999999999999% of emails that randomly tell people you are eligible for receiving some token allocation?


Use the web version. It seems it never touches the private key.


from the issue ive found it seems like they're interested in harvesting SSH keys.

https://github.com/fluencelabs/dev-rewards/issues/141


Idk if this email is a scam but Fluence is a legit project.


I dk fluence but if it's legit then it's unfortunate they've been used a pawn by the bad actor(s) attempting this scam. I linked to this issue in my reply but here it is again

https://github.com/fluencelabs/dev-rewards/issues/141




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: