Blog Article

Updates and Reminders From Your SDF Security Team

Author

Stellar Development Foundation

Publishing date

Security

On July 8, 2023, SDF became aware of a scam being spread through a fake “Stellar” website. The StellarOrg Twitter account was caught in the crosshairs: scammers used it to post malicious tweets directing people to the phishing site. No other SDF-owned platforms were affected during the incident.

In this blog post, we want to share more about how it happened, how we responded, and what we’ve learned for the future – because scammers aren’t going away any time soon.

First, how did the scammers get into our Twitter account? We did have two-factor authentication (2FA) on the account, but it was SMS-based, which is a clear fail: an SMS code is only as secure as the phone number it is sent to, and the scammers pulled off a SIM swap to take over that number, received the codes, and got into the account. It was a harsh reminder of how important it is for every account to use stronger forms of authentication, such as security keys and one-time codes from an authenticator application.

How did we work to resolve the situation? Thankfully, SDF’s security, IT, legal, and marketing teams were able to move quickly. We reported and escalated with Twitter security and reached out to the relevant authorities. Most notably, the scam website and the malicious posts were taken down within two hours, and within six hours SDF regained control of the StellarOrg Twitter account. In the meantime, we posted warnings about the scam on other SDF-owned platforms.

Since then, we have done a thorough review of our channels and platforms to make sure 2FA is up to standard across the board. But we are also sharing this because it is important to be vigilant and take steps to protect yourself from scammers and phishers when interacting with the Stellar team online. In this particular case, the scammers were using a fake “Stellar” website; unfortunately, they were able to spread it through the StellarOrg Twitter account itself, so a post from an official account is not by itself proof that a link is safe.

Our official website is https://www.stellar.org. Only trust what you see on the https://www.stellar.org website. When you want to visit the Stellar website, type https://www.stellar.org directly into the browser address bar and then bookmark the site. Only use the bookmark to visit the site. Always check the full URL before entering any personal information: make sure, for example, that nobody has replaced a lowercase “l” with an uppercase “I”, and that nothing follows “.org” in the host name. A host such as “stellar.org.jp/” is a different domain entirely, not a page on stellar.org.
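The URL checks above can be made mechanical. The following is an added example (not SDF code): it takes the trusted domain stellar.org from this post and rejects links that are not HTTPS, that use a lookalike host (a capital “I” for “l”, non-ASCII or punycode labels), that only carry “stellar.org” in the path or in the user-info part before an “@”, or that append extra labels such as “.org.jp”. Accepting any subdomain of stellar.org is this example’s assumption, and the sample links are constructed, not real scam URLs.

```python
"""Classify a link as the official Stellar site or a lookalike.

Added example, not SDF code. OFFICIAL_DOMAIN comes from the post; accepting
its subdomains (www., ...) and all sample URLs below are assumptions.
"""
from typing import Optional
from urllib.parse import urlsplit
import unicodedata

OFFICIAL_DOMAIN = "stellar.org"


def normalized_host(url: str) -> Optional[str]:
    """Lowercased, NFKC-normalized host of url, or None when there is none.

    urlsplit already drops userinfo ("stellar.org@evil.example" -> host is
    evil.example) and the port, and lowercases the host. Hostnames are
    case-insensitive, so a capital I swapped in for l ("stelIar") folds to
    "steliar": a different name, which the domain comparison then rejects.
    """
    host = urlsplit(url.strip()).hostname
    if not host:
        return None
    # NFKC folds fullwidth and other compatibility forms; a trailing dot is
    # just the fully qualified spelling of the same name.
    return unicodedata.normalize("NFKC", host).lower().rstrip(".")


def classify(url: str) -> str:
    """Return "ok" for the official site over HTTPS, otherwise a short reason."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return "not-https"
    host = normalized_host(url)
    if host is None:
        return "no-host"
    # The official name is plain ASCII: any non-ASCII character (e.g. a
    # Cyrillic letter standing in for a Latin one) or a punycode label is a
    # lookalike, not the site.
    if not host.isascii():
        return "non-ascii-host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode-host"
    # Compare whole labels: "stellar.org.jp" and "stellar.org.evil.example"
    # belong to other domains, and "evil.example/stellar.org" only has the
    # trusted name in its path.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "ok"
    return "wrong-domain"


def is_official(url: str) -> bool:
    return classify(url) == "ok"


# Constructed sample links of the kinds the post warns about (not real URLs).
SAMPLES = [
    "https://www.stellar.org/",
    "http://www.stellar.org/",            # plain HTTP
    "https://stelIar.org/",               # capital I in place of l
    "https://stellar.org.jp/",            # extra label after .org
    "https://stellar.org.evil.example/",  # trusted name as a subdomain
    "https://evil.example/stellar.org/",  # trusted name only in the path
    "https://stellar.org@evil.example/",  # trusted name as userinfo
    "https://st\u0435llar.org/",          # Cyrillic small ie (U+0435) for "e"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):15} {sample}")
```

Run it and every sample except the first is flagged; the reason string tells you which trick was used, which is exactly the check to do by eye before typing anything into a page.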

While the scam website that was included in the posts as well as at least one other related website are no longer live, please stay vigilant regarding other scam sites that may continue to surface. If you fell victim to this scam, we recommend that you contact law enforcement for assistance. One place to report this type of issue is the FBI’s Internet Crime Complaint Center: https://www.ic3.gov/default.aspx. SDF does not and cannot control the operation or public usage of the Stellar protocol or Stellar network. SDF does not have access to or control over Stellar accounts created and used by individuals to access the network, and SDF does not have the capability to freeze or return XLM held in a Stellar account. You can find more information about how to protect yourself from scammers online here.

Stay vigilant, and remember the 2FA hierarchy: security keys and authenticator codes are the best, and SMS is not enough. Don’t learn the hard way.

– Your SDF Security Team