Inside GitHub's Fake Star Economy

A peer-reviewed CMU study (ICSE 2026) identified 6 million fake GitHub stars across 18,617 repositories using 301,000 accounts, with AI/LLM repos as the largest non-malicious category. Stars sell openly for $0.03–$0.85 each on dozens of platforms, and VCs explicitly use star counts as sourcing signals — Redpoint data shows the median seed-stage star count is 2,850, making fake stars an extraordinarily high-ROI investment for fundraising startups. An independent analysis of 20 repos found blockchain and some AI projects with 36–81% zero-follower stargazers and fork-to-star ratios 10x below organic baselines. The fork-to-star ratio emerges as the strongest simple detection heuristic: organic projects average 0.10–0.24, while manipulated repos often fall below 0.05. Legal exposure is real — the FTC's 2024 rule bans fake social influence metrics with $53,088-per-violation penalties, and SEC wire fraud precedents apply when inflated metrics deceive investors. GitHub's enforcement removes repos but leaves 57% of fake accounts intact, preserving the infrastructure for future campaigns.