Why would anyone need to hand over their credentials to sci hub if it weren't for this purpose? Neither the BBC nor the police present any evidence of this "phishing" that I can see.

If I still had access to my university creds I'd totally give them to sci hub. They're doing God's work.