Phishing campaign impersonates Y Combinator using GitHub issue notifications

southwindcg · 2025-09-24T00:26:35 1758673595

Discussed (and dealt with) here: https://news.ycombinator.com/item?id=45352610

(Multiple domains are being used.)

nico · 2025-09-24T00:17:35 1758673055

Yup, just got it in my email. At first I was intrigued, then I read the part where they say the application requires a refundable deposit for verification

> Next step: To confirm your preliminary registration and secure eligibility, please verify your wallet through Y Combinator. This step ensures fairness, safeguards against Sybil attacks, and does not require personal information. The process takes less than a minute: simply connect your wallet and sign a verification message.

> Important: A refundable deposit is required for authorization. The full amount will be returned once verification is complete

andy99 · 2025-09-24T00:35:14 1758674114

Also got this about an hour ago. I had previously applied to YC so thought it was about that, then saw

  Important:
  A refundable deposit is required for authorization.

and realized it was a scam.

thenickdude · 2025-09-23T23:55:09 1758671709

At the bottom of each issue is a huge amount of whitespace, then they've stuffed it with a bunch of @'s to notify users.

https://i.imgur.com/LRotRlS.png

The link goes to a typo-squatted domain using an "l" instead of an "i".

slwvx · 2025-09-24T00:11:19 1758672679

Such phishing attacks using Github seem common these days.