Hackers appear relentless at attacking the decentralized finance (DeFi) space and related sectors. This time around, hackers targeted a series of popular crypto YouTuber accounts intending to defraud viewers.
On January 23, hackers exploited a vulnerability within online video channels to compromise crypto YouTuber accounts, posting unauthorized videos with text directing viewers to send money to their wallets.
Most of the accounts breached swiftly noticed the fraudulent video shortly after and removed them from their channels within minutes before more harm befell many viewers.
Hackers compromised several YouTube channels, including BitBoy Crypto, Altcoin Buzz, Box Mining, Floyd Mayweather, Ivan on Tech, and The Moon.
At the time of publishing, the Binance Smart Chain wallet linked with the fraudulent videos only managed to record a total of nine transactions, with a total value of around $850.
While commenting about the incident shortly after, Michael Gu confirmed that a fraudulent video was posted in his YouTube channel Boxmining without permission, adding:
“Luckily, we caught it within two mins of the video going live and managed to delete it. By that time, there were already views and comments from my community.”
Moreover, Gu revealed that he has already done internal clean-up throughout his channel to ensure no viruses or bugs were left during the raid, alleging that it “Seems like YouTube might be responsible.”
Buy Crypto NowYouTube Hackers Attack Again
The YouTube hack attracted a heated discussion online, with one Reddit user “9Oh8m8” suggesting that hackers gained access to the accounts using a SIM swap scam:
“They are all posting with a title like “ONE WORLD CRYPTOCURRENCY.” They have an address in video; and description to send your USDT/USDC/BNB/ETH to receive new crypto called OWCY.”
Nonetheless, Gu was far from being convinced that the hack was a SIM swap; arguing that there were no logins attempts in his Google personal account, asserting:
“If it was a SIM swap, I would lose access to my phone, etc., and that didn’t happen.”
“What we noticed was on the BRAND account (which doesn’t have a login. YouTube brand accounts are connected to personal) there was a login from the Philippines. Very likely, this is either a hack on the YouTube side or a rogue employee. That’s how they got so many people at the same time.”
On the other hand, Shash Gupta, founder and CEO of Altcoin Buzz YouTube channel; said that his technical team noticed something was wrong at 1:00 am Singapore time on January 23; night after an unauthorized video went live in their channel without consent:
“It’s pretty unclear what happened. I’m talking to YouTube to get to understand the matter and avoid such further breaches.”
Richard Heart was another crypto YouTuber who reported that attackers compromised his account. Heart tweeted at 9:30 pm UTC that his channel was terminated during a live stream, with him also alleging that YouTube was probably aware of the scam event.