Phishy Business: GitHub Users Hooked by YC Crypto Scam Gone A-Foul!

GitHub users fell prey to a phishing campaign involving fake Y Combinator invitations and cryptocurrency drainers. The attacker cleverly used GitHub’s notification system, luring developers with a $15 million promise. However, instead of funding, victims found their crypto wallets drained. Developers, secure your wallets—YC isn’t offering a prize for that!

3P
Published: September 24, 2025 12:43 pmAdded: September 24, 2025 at 6:08 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like some cyber tricksters are trying to play startup cupid, but instead of connecting you with investors, they’re hooking you up with empty crypto wallets! If only these scammers put their creativity to good use, they might actually make it into Y Combinator for real!

Key Points:

– Massive phishing campaign targets GitHub users with fake Y Combinator invitations.
– Attackers exploit GitHub’s notification system to send legitimate-looking emails.
– Victims are lured with the promise of $15 million funding, only to have their crypto drained.
– The scam involves a cleverly misspelled domain and sneaky JavaScript.
– GitHub and other platforms have taken down the fraudulent repositories.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?