What’s going on
Compromised Youtube accounts are used to host livestreams of an AI-generated video of “Elon Musk” promoting a “cryptocurrency giveaway”.
In the livestream, victims are directed to scam sites via a URL shared in the livestream, or a QR code displayed on the live video.
To make matters worse, these livestreams often have the chat locked to prevent people from alerting each other to the scam.
Once victims visit the site, they’re presented with a decently believable “giveaway” page that has random logos of Tesla, SpaceX and other companies scattered around to increase the trust factor of victims.
Instructions are provided to send Bitcoin, Ethereum and a myriad of other cryptocurrencies to the scammer’s wallet, with a promise to receive at least doubled returns.
Collateral damage
These compromised channels often have a short life-span, as Youtube takes the livestreams down after a quick review. Great, right?
Unfortunately, the effect can be catastrophic for people who have spent years of their lives building their content on Youtube, as some of these channels end up being completely banned off the platform.
An example is a recent incident where the Linus Tech Tips channel fell victim to this exact scheme.
Meanwhile, scammers are making the big-bucks and leaving scott free.
Protecting yourself and your channel
The root of the problem seems to be initial access to accounts, so to lock-down your channel:-
- Use strong, randomly generated passwords
- Enable 2FA/MFA
- Configure appropriate access controls to your channel
- Secure yourself from other attack vectors, such as malware, macro-embedded documents and phishing attempts
If you come across a suspicious website or video, look out for typical indicators of a scam scheme:-
- Financial promises that are too good to be true
- Grammatical errors
- Use of familiarity, authority, or urgency to build your trust
What to do if you stumble across these videos
- Report the livestream to Youtube
- Report the crypto wallet adresses on Bitcoin Abuse Database
And remember to inform people you know about this scam, you might just save someone their money or life’s work.