A large-scale phishing operation targeted GitHub users by exploiting their notification system to deliver fake YC W2026 program invitations, aiming to steal cryptocurrency. The attack involved malicious repositories, obfuscated JavaScript on fake sites, and fraudulent wallets draining users' digital assets. #GitHubPhishing #YCombinator #CryptoTheft
Keypoints
- The attackers utilized GitHub issues and user tagging to send fake notifications to targeted developers.
- The phishing campaign advertised an application to YC's Winter 2026 Batch, offering a misleading opportunity for funding.
- The fraudulent websites used obfuscated JavaScript to prompt users to connect their wallets for verification.
- If users connected their wallets, they authorized malicious transactions that drained their cryptocurrency assets.
- GitHub, IC3, and Google Safe Browsing removed the malicious repositories after community reports.
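
The delivery pattern in the keypoints (an issue that tags many users, claims to come from YC, and links away to a wallet-connect site) can be triaged from the issue body alone. The sketch below is an added example, not code from the campaign or from GitHub; the trusted-host list, the mention threshold, the verdict names and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# GitHub-style @mentions; the lookbehind skips e-mail addresses and URL userinfo.
MENTION_RE = re.compile(r"(?<![\w/.])@([A-Za-z0-9][A-Za-z0-9-]{0,38})")
URL_RE = re.compile(r"https?://[^\s)>\]]+")
LURE_RE = re.compile(r"\b(y\s?combinator|yc|w2026|winter 2026)\b", re.I)

# Assumption: domains a genuine notice of this kind would link to.
TRUSTED_DOMAINS = ("ycombinator.com", "github.com")
MASS_MENTIONS = 10  # assumed threshold for "mass tagging"


def host_trusted(host):
    """True if host is a trusted domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage_issue(body):
    """Classify an issue body as 'ok', 'review' or 'phishing-likely'."""
    mentions = {m.lower() for m in MENTION_RE.findall(body)}
    # urlparse().hostname ignores userinfo, so https://ycombinator.com@evil/ is seen as evil.
    hosts = {urlparse(u).hostname or "" for u in URL_RE.findall(body)}
    untrusted = sorted(h for h in hosts if h and not host_trusted(h))
    mass = len(mentions) >= MASS_MENTIONS
    lure = bool(LURE_RE.search(body))

    reasons = []
    if mass:
        reasons.append(f"mass tagging ({len(mentions)} users)")
    if lure:
        reasons.append("YC program wording")
    if untrusted:
        reasons.append("off-domain links: " + ", ".join(untrusted))

    if untrusted and lure and mass:
        verdict = "phishing-likely"
    elif untrusted and (lure or mass):
        verdict = "review"
    else:
        verdict = "ok"
    return {"verdict": verdict, "reasons": reasons, "untrusted_hosts": untrusted}


if __name__ == "__main__":
    # Constructed sample: 12 tagged users, YC wording, link on a reserved .example host.
    sample = ("Y Combinator W2026 invitation. Apply: https://yc-apply.example/w2026\n"
              + " ".join(f"@dev{i}" for i in range(12)))
    print(triage_issue(sample))
```
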