On May 25th, 2026, I received a remote smart-contract-security recruiting email from “Olivia Ben” at “Pulsynk.” It asked me to clone a GitLab repository called rekt-db and open it in VS Code or Cursor. The repository turned out to contain a hidden folder-open task, a malicious extension installer, and native wallet/credential-stealing binaries for macOS and Linux.