Scams are an unfortunate outgrowth of any industry involving money, including crypto. The Stellar Development Foundation team hates to see anyone in the Stellar community targeted or hurt by scams. We have a full-length security guide we highly encourage you to read, but the abbreviated version is below.
First things, first – here’s what to know about SDF:
SDF is a non-profit organization that supports the growth and development of an open-source distributed ledger protocol called “Stellar” or the “Stellar network.” The Stellar network is run by a global set of independent validators and is publicly available for use. SDF:
- DOES NOT and CANNOT control the operation or public usage of the Stellar protocol or Stellar network
- DOES NOT have access to or control over Stellar accounts created and used by individuals to access the network.
- DOES NOT have the capability to freeze or return XLM held in a Stellar account.
The SDF team will:
- NEVER ask you for your private keys.
- NEVER ask you to deposit funds to any wallet address.
- NEVER host staking initiatives and competitions.
- NEVER cold direct-message (DM) people to participate in airdrops and giveaways.
- NEVER cold DM people regarding support issues or security alerts.
- NO LONGER hold airdrops or XLM giveaways.
Our official site is https://www.stellar.org/. To access the site, type the URL into your browser address bar and then bookmark the site. Only use the bookmark to visit the site. Scammers can create fake websites that look very convincing, so always check the full URL before entering any personal information — make sure, for example, someone did not replace a lowercase “L” with an uppercase “i”! or that there are no additional letters following “.org/” in the domain address such as “stellar.org.jp/”.
You can also find official announcements from SDF on our active social media accounts, which are:
The SDF team will only email you from emails using the @stellar.org domain and will never ask for sensitive information like private keys.
When in doubt, please fill out this form (https://www.stellar.org/contact) and we will instruct you whether a communication is actually from SDF.
All official partnerships and announcements are made on our social media and website — do not fall for any third party rumors or speculation. If you see a reposted announcement in any other forum that does not contain a link to the original information on our website, it is fake. Only trust what you see on the https://www.stellar.org/ website.
Lastly, a few quick notes:
- Always verify the domain and email addresses where the communication is coming from. In addition, check the website certification.
- Be thoughtful about how you store your crypto and how you protect your keys. There are many options out there, so find one that you understand and works for you. For example, one approach that can help minimize the risk of loss from a compromised self hosted wallet is to hold the majority of your crypto in a "cold wallet" and only interact with third-party accounts or interfaces from a “hot wallet.” A cold wallet is somewhere you keep most of your assets, and you don’t interact with third-party accounts or interfaces through it. When you want to interact with a third-party account or interface, you can send only those assets you wish to use for that interaction from your cold wallet to your hot wallet. That way, even if the hot wallet were compromised, only the assets you moved to your hot wallet for the activity would be at risk as the majority of your assets would still be stored in your cold wallet.
- If you believe you are a victim of a scam or fraud, we recommend that you contact the relevant law enforcement agency for assistance. In the U.S., one place to report this type of issue is the FBI’s Internet Crime Complaint Center: https://www.ic3.gov/default.aspx.