Hitchain scam?

I recently recieved a mail from HitChain.org, which states that for my effort supporting open source will gift me around 1250 hit tokens based on my numbers of commits, issues and pull requests on GitHub.

Since I dont move around block chain world, I dont know if this is scam, both url and page looks ok for me and I dont found any page speak well or badly about hitchain. I left you a copy of my mail:

Rewarding letter

Date:July  22,2018

Dear Developer:

   HitChain Foundation would like to reward you as an Open Source enthusiast with some Hit tokens based on your work on Github.
  Here is your achievements:
Commits: 248   PullRequests: 0  Issues: 25

      According to our award rules(this time only),you can apply for 1250 complimentary Hit tokens from this page:

url to hitchain.org

      Please click the link above and get your HIT token reward as soon as possible.


About HitChain Foundation:

   Hitchain aims to implement a disruptive ‘Hit’ protocol and ecosystem to improve the ‘Git’ source code management platform by leveraging the power of IPFS and blockchain technologies. The goal of Hitchain is to build an autonomous community of the developers,by the developers and for the developers. For more information please visit our website http://hitchain.org or telegram group: https://t.me/HitChain_EN.

Hitchain(symbol:HIT)went public at August 3, 2018 on exchange:Huobi Global( https://www.hbg.com ) and GateIO(https://gateio.io/).
We are look forward of your participation in the Hitchain community.

Let’s keep open sourcing!

HitChain Foundation  


I was mailed as well

I just noticed that the date at the top of the mail is inaccurate.

I got the mail yesterday. (06.07.2018 15:13 UTC+2)

My guess is phishing

An article I found:


(still haven’t opened either hitchain.io or hitchain.org, which are both mentioned in the mail)

1 Like

Actually I got 5 mails by them ^^

(first one from 05.08.2018 03:48 UTC+2)

Hi Frankusky an Djfe! I would like to extend your research with some links I found (so others can follow this discussion more quickly) and add my own ideas about this topic:

I have received a similar letter from hitchain.io . A quick research revealed that there is a company called HitChain Foundation out there. It is listed as a registered company in Singapore here and has a public white paper on their web site which seems to me to be too detailed for an easy scam. I would say if it was a scam it is a rather huge one. But I can not recommend to trust the link (yet) since I could not find a trustworthy statement about this project from a reliable source as well.

Here is what I observed regarding GitHub and HitChain:

HitChain is presented in the white paper (e.g. p.19) as an alternative to GitHub and similar projects. They want " to overcome the limitation of Git protocol" via blockchain technology, distributed software etc. and they " hope to surpass GitHub as the largest Open-source platform_"_. The HitChain repository was recently (within the last month or so) removed from GitHub. Neither of them advertises a collaboration between them. And I was contacted via my private e-mail address on GitHub which should not be available to them via my public profile page easily. The number of commits, pull requests and issues in the e-mail is correct in my case.

Therefore I think HitChain is real and there is a conflict of interest between both of them and HitChain queried GitHub’s website without their approval as a somewhat aggressive opening move against them. (I do not claim that their methods included any illegal activities!) If this is true I would not trust them due to methods they utilized.

I would like to have an official statement from GitHub since I want to know more about this affair(?) and I am concerned about a potential leakage of my private data.


Thanks @kwasniok! I was expecting an official statement from GitHub or HitChain, but there is nothing on network that links them. I would like to add that yesterday I found in this page (now removed), that each hit token has a value of 0.64 USD, that in my case, would be around 800USD, I dont understand well how block chains works, but that its too much money to be gifted in that way, that made me think that it was scam.

1 Like

Thanks @djfe, but that links just looks like a copy paste of the hitchain website… doesnt provide any special information :confounded:

1 Like

Hey @frankusky! Thank you for adding this crucial information!

I have used GitHub very rarely in the latest years and I got a score of 1110 for 349 commit, 11 issues and less than 20.000 lines of almost worthless code? This is definitively way too much money. One of the claimed investors ranks the value of the HitChainCoin on this website. (You would get approx. 450USD according to this. Still too much.) Maybe the tokens cannot be traded for fiat money?

And why is the white paper very detailed about the economic part but we get only little information about who we interact with code in this system. E.g. there is no reference to diff files or hash algorithms wich are important technical parts of tools like git.

I clicked on some of the links on their website. They have links to their pages on (facebook, twitter, telegram, git, medium and gitee). Gitee showed me this repository which is live but completely empty? There are wo tweets about their currency going live. Their removed github project. The telegram chat is just filled with people texting in many languages I cannot understand. All in all I see nothing one could set-up with litte effort despite setting up a crypto currency which should be easy if you have many investors specialized in this area.

Is this the next generation dot-com bubble? All I know is: They have a listed crypto currency and a business model which they both proudly present but not a single line of code or chat paraphrasing it to show us which tells us how they deal with the programmers input, how its distributed and so on. So at this point in time their focus lies clearly on the monetary aspects.

I have to admit that I do not understand the intensions of HitChain at all.

GitHub was or is about to be buyed by Microsoft. (see here) Is this an intrigue?

Yes, was bought by Microsoft https://www.theverge.com/2018/6/4/17422788/microsoft-github-acquisition-official-deal

1 Like

I am now very confident that it is a scam. Just search for ICO scam (initial coin offering) like here. They want us to trade their coins for other (proper) crypto currencies.

Try searching the mentioned people on their website. I could not find a second source supporting the fact that they work for HitChain. There is another important detail: Their website does not have a LEGAL or CONTACT button at the bottom of the page. Many countries in the world require a company to have these sections by law.

And there are at least two websites of them with different token distributions:

I am sorry. I should have checked these things earlier! Apparently scams got cleverer than I would have ever guessed.

EDIT: Please verify this on your own. (Since I am not an expert.) And if you are convinced it is a scam as well please mention it in this thread.


Got a similar mail as well; even though looks confusingly correct, the link to apply for the tokens does NOT link to a hitchain site but to some other  (“http://subtracker.submail.cn/trilinks?r=aH…”). Conclusion: scam/phishing.


Nice research! There is something interesting that its mentioned in the second link that you shared:

If an ICO project is proposing open-source code, an empty or nonexistent GitHub is often a red flag…

One of the most obvious red flags for a scam project is the lack of detail on how the technology works. For nontechnical investors, it can be helpful to simply check if a project has any existing files uploaded to public repositories or if a project has a functioning product.

They don’t have any link to their code (even when it looks like they love open source code), also as mentioned before, the github repository was removed. With all this evidence I am very sure that this is scam.

Thanks everyone for your input! They almost get me :mantongue:

1 Like

Hi everyone,

This post was moved to a different board that fits your topic of discussion a bit better. This keeps our community organized so users can more easily find information.

As you’ll notice, your topic is now here in the How to use Git and GitHub board. No action is needed on your part; you can continue the conversation as normal here.

Also, I wanted to address the concerns here.

Thanks for surfacing this. GitHub is in no way affiliated with this entity. If you ever receive mail from someone you don’t know and looks suspicious, we always recommend erring on the side of caution. Any official mail from GitHub or announcing new updates to GitHub will be clearly marked as coming from us.

Additionally, we expect our users to comply with our Terms of Service, which prohibits transmitting unsolicited email. We are looking into this further. To prevent messages in the future, you can keep your email address private if you wish by following the steps here:


Please let us know if you have any further questions. Cheers!


Hi everyone! Thanks for opening up this thread and your valuable posts! I hope this will help other users as much as it did for me : ) Have a good day and happy programming!

Thank you @nadiajoyce! It is exactly what I was looking for! I must have missed this option when I created my account : /

1 Like

Hi All,

I have already had my email address settings as private and I had received the same email in my primary address with correct statistics about contributions in Github. How could the scammer get the email address?

Hi @mriscoc,

I belive I have the same issue. When an e-mail address is hidden on github, it is not necessarily hidden in your commits as well. In my case all my repositories are public and some of my commits were signed with my private e-mail address. See the link @nadiajoyce posted above to get instructions on how to use a non-relpy address provided by github as your commit address. It’s easy and affects all future commits.

Apparently changing the email address in commits afterwards seems to be non trivial. One way to fix this is described here (last section) but it would change all commits depending on the commits which contained the old address because their hash values will be different. This might be a no-go if you are working in a team. I haven’t tried this method yet and might test it on a dummy project first.

1 Like