The Stellar Development Foundation (SDF) disclosed a phishing attack that targeted community members on November 29 with fake emails impersonating SDF. The attackers compromised API keys for a third-party email service but did not access Stellar network infrastructure or user accounts; SDF emphasized that it never requests secret keys.

The Stellar Development Foundation reported a phishing campaign that reached community members on November 29. The fraudulent emails falsely claimed to come from SDF and requested authorization for new secret keys. The attackers had gained access to API keys for a third-party email service that SDF had authorized to send notifications, which allowed them to send phishing emails from a Stellar domain. SDF quickly disrupted the attack, redirecting clicked links to error pages, and confirmed that no Stellar network infrastructure or user accounts were compromised. The foundation emphasized that it never requests secret keys and cannot reset accounts. Approximately 2500 phishing emails sent from the Stellar domain were opened before the attack was stopped. SDF has referred the incident to law enforcement and recommends that community members review security guides and use ecosystem resources such as Keybase channels and stellarscam.report to stay informed about scams.