Dennis Dang

March 5, 2021

I fell for a crypto Stellar email phish

No I did not lose money. But I still opened the damn email.

I wonder how many others would fall for this. Fortunately I have no stake in this blockchain, and opened the email out of curiosity. Am I more cat than rational human? What is hilarious is the string of obvious signs that I still chose to completely miss. 

The email.

Lying to myself

Here are the series of brain-tripping lies to myself that made me fall deeper into the deception. Congrats you fuckers at 🥸 You’re airdropped an @$$H0LE token for every time you almost got me below.

1. Ignoring the email address (and validity of outrageous claims).

Shit my brain says: hey this is just another competitor to mail chimp campaigns! Surely this is still okay. 🤯 I was already too captivated by the outrageous 25% APR time bomb 💣  the sender dropped in my lap. Of course I want to be a part of the 9600 limited spot to stake XLM.


2. Ignoring the URL.

How the hell did my brain, as a developer and supposedly trained internet resident brush off the fact that I’m on a fake URL? My brain said: naw Stellar has been undergoing lots of changes. Maybe this is an experiment on their end. Lmao.

I thought the email page looked decent. Did you really click it?


3. Ignoring the fact that the wallet providers actually blocked the site.

At this point, I’ve already made it supposedly to the page where I hand over my wallet.
But here! I appreciate so much the team behind these wallets. They are very likely saving thousands of victims by implementing their safety measures. Yet I still attempted the other wallet links because I thought there was a mistake 🤣🤣.

At this point I have YET to realize this was all a glaring phishing scam.


4. Ignoring the broken links.

I proceeded to still check out the website because why not? Guess I’m not earning my 25% APR. Like any curious developer, I walked to the API docs and SDKs page to see if I can find a Haskell or F# SDK to build my amazing side startup. Hmmm, broken API docs?!


What finally broke the spell on me was realization that any damn good tech organization should not have a broken API reference page! How’s that for being a good web developer? 👨‍💻

Jeez, I think I spent at least 3-5 minutes navigating this page. And guess what? I even navigated back and forth between the REAL page. That was even more confusing. 

So what did we learn folks?

Nothing new. This shit happens all the time. 

The combination of greed, money, early morning email reading, and ignorance almost made me lose my nonexistent XLM. 😗