Hacker News
Almost perfect Y Combinator Phishing Mail
5 points by fxtentacle 8 months ago | 2 comments
Dear HN, I've just received what I would consider to be an almost perfectly crafted phishing mail. It says:

  Dear community,
  
  The Y Combinator W2026 Program is now open for applications. This world-renowned accelerator supports ambitious builders and early-stage teams, helping them transform projects into scalable companies.
  
  As a GitHub contributor, your open-source activity positions you to benefit from this opportunity. Whether you are shipping code, maintaining repositories, or prototyping new ideas, your work drives innovation and could qualify for YC’s support.
  Program Benefits
  
      Funding: $15,000,000 USD investment on standard YC terms
      Growth Allocation: Helping founders accelerate traction and align community growth with long-term success.
      Mentorship: Access to experienced founders and YC partners
      Community: A global network of alumni, investors, and experts
  
  Important:
  A refundable deposit is required for authorization. The full amount will be returned once verification is complete.
  Apply here: ycombinator.com/apply
  
  Applications are reviewed on a rolling basis. To maximize your chances, apply early via the official YC platform. Connect your GitHub profile and share your project details to get started.
  
  Best regards,
  Y-Combinator Team
  In collaboration with GitHub
  
  You are receiving this message as a registered GitHub member.
  ©2025 GitHub, Inc. All rights reserved.
  Address: 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA.
and the email was sent

  From: "mail-automatic[bot]" <notifications@github.com>
with valid DKIM and SPF:

  DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com;
   s=pf2023; t=1758673517;
   bh=US4CJqqkBhma8Fvuq02w6IzAQPikeND5kn798+L2Xbc=;
   h=Date:From:Reply-To:To:Cc:Subject:List-ID:List-Archive:List-Post:
    List-Unsubscribe:List-Unsubscribe-Post:From;
   b=b6VQSnYetXklM0vroPZGy7uIAKxMtyJrP0f7iEFnxm+765issKWTt4iO4rEwGALot
    o8e1qRiKsz/PbbtwdbUHCXEZd/iQ1ALR1Tdq0nLQSkMzxkfPb+tPZStIyE+VMArF1P
    3zTfZjDwhHQRUURvcrP6r4MVXcW1DMoAh+mOKJrQ=
  Received-SPF: Pass (protection.outlook.com: domain of github.com designates
   192.30.252.207 as permitted sender) receiver=protection.outlook.com;
   client-ip=192.30.252.207; helo=out-24.smtp.github.com; pr=C
so the angle of Y-Combinator collaborating with GitHub appears legit. But - of course - that ycombinator.com/apply link actually uses unicode trickery to send you to a website where the "i" has been replaced with an "l". And there, it says:

  We use EIP-712 and Ethereum Attestation Service (EAS) to verify your wallet. During the process, you may see a standard withdrawal notification — this confirms your signature to record verification stamps on-chain.
  
  We guarantee that your assets remain completely secure.
which I guess is the phishing part where they steal your crypto.
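
An added illustration (not part of the original post, and not GitHub's or YC's code) of a mail-filter check for the link trick described above: it compares the host a reader sees with the host the link targets, and flags targets that only differ from a trusted domain by look-alike characters. The host `ycomblnator.com`, the `TRUSTED` allowlist and the small confusables table are constructed assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: a tiny hand-picked confusables table for illustration; production
# filters should use the full Unicode confusables data (UTS #39).
CONFUSABLE = str.maketrans({
    "l": "i", "1": "i", "0": "o",
    "\u0456": "i",  # Cyrillic i
    "\u0131": "i",  # Latin dotless i
    "\u043e": "o",  # Cyrillic o
    "\u0430": "a",  # Cyrillic a
})
TRUSTED = {"ycombinator.com", "github.com"}  # assumption: the filter's allowlist


def host_of(link: str) -> str:
    """Host of a URL or of bare link text such as 'example.com/path'."""
    link = link.strip()
    if "://" not in link:
        link = "https://" + link
    host = (urlsplit(link).hostname or "").removeprefix("www.")
    try:
        return host.encode("ascii").decode("idna")  # show xn-- labels as Unicode
    except UnicodeError:
        return host  # already non-ASCII, or not valid punycode


def skeleton(host: str) -> str:
    """Fold characters that render alike so lookalike hosts compare equal."""
    return unicodedata.normalize("NFKC", host).lower().translate(CONFUSABLE)


def check_link(visible: str, href: str) -> list[str]:
    """Findings for one link: what the reader sees vs. where it goes."""
    shown, target = host_of(visible), host_of(href)
    findings = []
    if shown and shown != target:
        findings.append("text-href-mismatch")
    for good in sorted(TRUSTED):
        if target != good and skeleton(target) == skeleton(good):
            findings.append(f"lookalike-of:{good}")
    if not target.isascii():
        findings.append("non-ascii-host")
    return findings


if __name__ == "__main__":
    # Constructed sample: link text as in the mail, target with "i" -> "l".
    print(check_link("ycombinator.com/apply", "https://ycomblnator.com/apply"))
```

The check matches exact hosts only and expects link text that itself looks like a URL; a valid DKIM or SPF result for the sending domain plays no part in it, since the mail in this thread passed both.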


It had valid DKIM and SPF because it was using GitHub issues to mass mention people.

screenshot of an issue from before the account was terminated https://s3.amazonaws.com/jasonrm/2025/ycombinatoor-spam-issu...


This has been reported a dozen times or so already.

https://news.ycombinator.com/item?id=45352610



