Here's How Bitcoin Scammers Were Able to Hijack 3 YouTube Channels to Impersonate SpaceX
You'd think that online scams would have a relatively short lifespan nowadays. Information travels fast, and people quickly learn of the threats that lurk around every corner of the internet. That's the theory, but in reality, things are a bit different.
Bitcoin giveaways: 21st century's answer to the Nigerian Prince scam
In 2018, con artists started organizing a form of advanced fee scam on Twitter. It was more or less a classic Nigerian Prince operation: users are urged to send the crooks a small fee, and in return, they are promised an unreasonably large sum of money. The difference was that instead of real money, victims were asked to transfer cryptocurrency.
Once again, the fraudsters needed a prominent figure to give the scam an air of legitimacy. Instead of using a non-existing royalty in an African country, however, they opted to impersonate famous people on social media. Among those affected the most was PayPal, Tesla, and SpaceX founder Elon Musk. Musk was (and still is) an avid Twitter user, which made him perfect for the criminal operation.
The crooks would first create fake accounts that used Musk's profile picture and bio. They would then post replies under the entrepreneur's tweets that would make it look like Musk had forgotten to tell his followers about the bitcoin giveaway he's organizing.
Those who wanted to take part were asked to send a small sum in cryptocurrency to a specified bitcoin address and were told that shortly thereafter, a much more substantial amount of money would appear in their wallet. None of this was true, but the scammers employed bots that would try to fool potential victims into thinking that the giveaway was real. At one point, they even started compromising verified accounts in order to make the ads appear real.
After the mainstream media covered the scams, Twitter took certain precautions to make these tricks harder to pull off, but if you check out the replies under Elon Musk's latest tweets, you'll see that the scammers are still trying. You'd imagine, however, that these attempts wouldn't be that successful anymore. You'd be wrong.
Fraudsters make thousands of dollars in a couple of days thanks to an old scam
Twitter is more careful about new and compromised accounts organizing cryptocurrency giveaways, which is why the crooks have apparently decided to move to YouTube. Once again, Elon Musk is in the spotlight.
A couple of days ago, a Y Combinator user shared a link to a YouTube channel that, on the face of it, looked like it belongs to Musk's SpaceX. The videos posted were mostly old live streams of the man himself, but crucially, alongside the footage, there was also an advert for a bitcoin giveaway. The users were told that anyone who sends between 0.1 BTC and 20 BTC to a specified address would receive double the amount in their own cryptocurrency wallet. Unfortunately, an alarmingly large number of people have fallen for these promises.
Infosec security news outlet Bleeping Computer took a closer look and found a total of three separate YouTube channels that were running the scam. The channels had a relatively large following, and it quickly became apparent that the hackers had compromised them in order to push the bogus giveaways in front of hundreds of thousands of subscribers.
The strategy paid off handsomely. It's not completely clear when the hacker brought up the fake videos, but Bleeping Computer's investigation revealed that the wallets advertised by the crooks had registered more than 100 transactions worth around $150 thousand.
Some of the people who got burned criticize YouTube for the slow reaction, but the first set of channels was eventually brought down. Reports from users suggest, however, that the scammers have compromised yet more YouTube accounts and are using them to push the fraudulent giveaways.
The impersonation of prominent figures and celebrities like Mr. Musk is certainly contributing to these scams' success. The same schemes have been going on for more than two years now, however, and it's high time people learn to see past the too-good-to-be-true veneer.