News, Product Development
May 08, 2025
3 min read

Client sent us a repo with a backdoor. Security in software development


Hi everyone!

This post is going to be a bit long, but it’s important because we encountered a SCAM with one of our recent leads, and I wanted to briefly share what we found, what raised red flags during our interactions with the potential client, and what takeaways we drew from the situation.

Long story short: We received a repo that had a backdoor likely designed to steal env variables or crypto keys.

Project: An online chess game with blockchain functionality. The client claimed the app was ~30% complete and that they needed blockchain integration. There was even a kind of whitepaper. At first glance, it looked like a legit project in need of further development. The budget was fine, everything looked potentially attractive. Our task was to review the client’s repo and present an offer.

We were given access to a monorepo consisting of the backend server with the game, API, and frontend. The repo at first glance looked like many other in-progress projects—nothing that particularly stood out. We did an initial analysis and prepared an offer.

So what actually happened during the meeting with the client that made us cut off talks and discover what we did?

  • The client didn’t speak English at all. The conversation was very difficult. No camera.

  • The client didn’t understand what we were asking. We asked for access to the smart contracts repo, and he shared the same monorepo again.

  • The client insisted we download the repo, run it, and go through tasks together. HUGE RED FLAG

  • The client didn’t talk about sales or collaboration, just pushed for us to run the code.

  • The repo had no commit history—uploaded just before the meeting. The commits were made by a newly created account with no contribution history.


What did we find during the later analysis of the repo?

In one of the routes, there was indeed obfuscated JS code acting as a backdoor. It was placed on the last line of a file, padded with hundreds of spaces so that a developer manually reading the code would likely overlook it. The final line was over 1,000 characters long. The code created a .js file in the .vscode folder, ran it, installed dependencies using npm i --silent, and launched a background script every 10 minutes. Due to obfuscation, full reverse engineering wasn’t possible.
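The hiding trick described above (code appended after a long run of spaces on an over-long last line) is easy to catch mechanically. Below is an added example, not code from the original post or from Pragmatic Coders: a small Python scanner that flags lines with code after long whitespace padding, over-long lines, and strings matching the behaviour the post describes (a .vscode drop, npm i --silent, a timer). The sample route file, its padding and its placeholder payload are constructed for the example.

```python
import re
from pathlib import Path

# Heuristics derived from the technique described in the post:
# code hidden after hundreds of spaces, and a line over 1,000 characters.
MAX_LINE_LEN = 500
PAD_RE = re.compile(r"[ \t]{40,}\S")
# Strings matching the dropper behaviour described (assumed indicators, not
# the exact text of the obfuscated payload, which the post does not quote).
SUSPICIOUS_TOKENS = (".vscode", "npm i --silent", "child_process",
                     "setInterval", "eval(", "Function(")


def scan_source(text):
    """Return [(line_number, [reasons])] for lines that look suspicious."""
    findings = []
    for idx, line in enumerate(text.split("\n"), start=1):
        reasons = []
        if len(line) > MAX_LINE_LEN:
            reasons.append(f"line length {len(line)}")
        if PAD_RE.search(line):
            reasons.append("code after long whitespace padding")
        hits = [t for t in SUSPICIOUS_TOKENS if t in line]
        if hits:
            reasons.append("suspicious tokens: " + ", ".join(hits))
        if reasons:
            findings.append((idx, reasons))
    return findings


def scan_repo(root, exts=(".js", ".ts", ".mjs", ".cjs")):
    """Walk a checked-out repo (never executed, only read) and collect findings."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in exts:
            findings = scan_source(path.read_text(encoding="utf-8", errors="replace"))
            if findings:
                results[str(path)] = findings
    return results


# Constructed sample: an innocent-looking Express route whose last line hides a
# placeholder dropper after 300 spaces, mimicking the layout the post describes.
SAMPLE_ROUTE = (
    "const express = require('express');\n"
    "const router = express.Router();\n"
    "router.get('/health', (req, res) => res.json({ ok: true }));\n"
    "module.exports = router;" + " " * 300
    + "require('child_process').exec('npm i --silent');\n"
)

if __name__ == "__main__":
    for lineno, reasons in scan_source(SAMPLE_ROUTE):
        print(f"line {lineno}: " + "; ".join(reasons))
```

Run `scan_repo(".")` on a cloned repository to get the per-file findings; the static read is safe because nothing in the repository is executed.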


Where did we slip up?

Primarily in doing a visual repo check. Also, the first AI-assisted analysis didn’t flag anything because the prompt was focused on technical evaluation and project completion level.

What did we do right?

We didn’t run the code. Simply cloning the repo wasn’t dangerous. We cut off communication with the “client” at the right moment. We conducted a post-mortem analysis. We prepared a summary.

TAKEAWAYS?

  • During the sales phase, there’s no need to run foreign code.

  • In general, you should never run code from unknown sources—this scam tactic is also used in fake job interview tasks.

  • If you absolutely must run unknown code, do it in a fully virtualized environment.

  • When doing AI-assisted code analysis, prompts should explicitly instruct AI to look for potentially malicious code.

  • In IDEs, auto-running scripts via AI tools (e.g., in the Cursor editor) should be disabled.

  • For the curious, here’s the reverse engineering OpenAI helped us with: https://chatgpt.com/s/dr_6819d873cbf48191a3d534054e655af2

Thanks for reading—let’s hope we all get as few leads like this as possible. 🙂

Article author

Patryk Odziomek

Blockchain Specialist. Senior Solidity Developer. Creating innovative solutions for distributed networks.
