Scammers are using compromised YouTube accounts to steal millions of dollars in crypto from unsuspecting viewers, according to a new report.
The cybersecurity firm Tenable says digital thieves are employing a savvy blend of fake celebrity endorsements and trending cryptocurrencies to reap illicit gains through fake giveaway events.
Analyst Satnam Narang says the scammers are utilizing YouTube Live to create supposed live streams that in actuality broadcast pre-recorded, ripped-off and manipulated content.
“To promote the fake cryptocurrency giveaways on YouTube, scammers follow a very basic templated approach… Each video contains a section that features an unrelated interview involving notable [crypto] figures…
The videos contain a section that features the URL for the so-called event or giveaway. This section is not clickable, which means the user has to manually type in the URL to reach it.”
Once the viewer visits the scammers’ website, they are asked to send funds to a crypto address and told they will later receive double their money or more in return.
The crooks are stealing popular crypto assets including Bitcoin (BTC), Ethereum (ETH) and popular memecoin Shiba Inu (SHIB).
Narang says that in a recent month-long survey of YouTube Live scams, he counted at least $8.9 million in fraudulent activity.
The report goes on to explain how familiar faces are ideal to use as bait when luring in victims.
“Scammers recognize that users place a lot of trust in influential voices. Combined with the plethora of existing interview footage featuring many of these notable figures, scammers have developed a formula that adds legitimacy to their efforts and has continued to work for years.”
The report notes that an important aspect of running a successful scam is to take over an existing YouTube account that already has a large subscriber base. This leverage provides an air of legitimacy and increases the likelihood that a significant number of people will encounter the video.
The presentations are designed to be slick and professional, such as this fake Elon Musk/SHIB promotion.
Tenable notes that after Musk’s appearance on popular late-night comedy show Saturday Night Live back in May, hackers made off with over $10 million via fake crypto giveaways.
In response to the proliferation of fraud on its platforms, Google’s Threat Analysis Group recently posted a wide-ranging report called “Phishing campaign targets YouTube creators with cookie theft malware.”
The section about crypto fraud states,
“A large number of hijacked channels were rebranded for cryptocurrency scam live-streaming. On account-trading markets, hijacked channels ranged from $3 USD to $4,000 USD depending on the number of subscribers.”