A coordinated attack has allowed hackers access to multiple YouTube accounts of more than 30 popular cryptocurrency influencer channels.
At the same time on the same day, January 23, the hackers uploaded a fraudulent video titled “One World Cryptocurrency”, posting it across numerous crypto influencers’ YouTube channels. In the video and description, there was a contact address provided and the scammers called for people to send USDT/USDC/BNB/ETH to receive new crypto called OWCY.
According to data from BscScan, the scam caused minimal financial damage, with only 2.3 BNB transferred to the hacker’s wallet. In total, there were only 10 transactions worth around US$850 at the time of writing.
How Did the Hackers Gain Access?
Many, if not all, of the hacked YouTube accounts were secured with very strong passwords and Google security keys, which would normally make it almost impossible for a hacker to gain access.
Attacks such as these can be carried out by a process known as SIM swapping, where hackers take control of the phone number linked to an account. Porting the victim’s number to a new SIM allows hackers to get past 2FA (two-factor authentication). This does not appear to have been the case in this instance, as many accounts were breached at one time, raising suspicions of an inside job.
All the accounts the hacker gained access to were logged in from an IP address in the Philippines. YouTube brand accounts are connected to personal accounts. Michael Gu (@boxmining) was one of the YouTubers whose account was hacked. Gu said he conducted an internal sweep after the breach but found no viruses or bugs that might have given the hackers access, adding there had been no logins on his personal Google account, nor was access to his phone compromised. “Seems like YouTube might be responsible,” he said.
Very likely, this is either a hack on YouTube’s side or a rogue employee. That’s how they got so many people at the same time.Michael Gu (@boxmining)
Account Holders Hint at an ‘Inside Job’
Ivan on Tech was also targeted in the attack, and posted his account in a video below, suggesting that it could have been an inside job.
While Google’s Threat Analysis Group (TAG) continues to step up efforts to make the platform more secure, this latest attack raises huge concerns over YouTube’s ability to protect users from foul play, especially in a case where the culprit has most likely come from within its own walls.
Disclaimer: The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.