On March 24th, popular YouTube channel Linus Tech Tips, with 15.3 million subscribers, was hacked, and its videos were replaced with crypto scam content. This latest breach is part of a series of high-profile YouTube accounts being hacked by scammers, who then livestream crypto scam videos. The breach of the Linus Tech Tips channel occurred in the early morning, and several live videos were broadcast before the hacker started making old private videos public. The account was eventually suspended, presumably as YouTube employees worked to restore it. Other Linus Media Group YouTube channels, including Techquickie and TechLinked, were also breached and given new names focused on Tesla.
It is not yet clear how the channels were breached. However, the owner of the channels, Linus Sebastian, tweeted that he was aware of the situation. Later, in a statement posted to Floatplane (a streaming service spun out of Linus Media Group), he said that the company is working with Google to get to the bottom of the attack vector and harden their security around YouTube accounts to prevent similar breaches from happening in the future. He also promised to discuss additional details on the company’s podcast, though warned they might not come this week as it’s “still a developing situation.”
This latest breach is part of a series of breaches that have occurred over the past year, with hackers promoting amateur-looking crypto sites through links or QR codes. The British army's YouTube channel was hacked to promote crypto scams last year, just months before tens of thousands of "viewers" watched a fake Apple crypto scam on YouTube. Popular Vevo channels on YouTube for artists like Lil Nas X, Drake, and Taylor Swift were also affected by a breach last year that saw videos uploaded from an "unauthorized source."
While it's not clear how the breaches occurred, one YouTuber claims that fake sponsors have been reaching out to creators, convincing them to download files related to the sponsorship, which are actually malware designed to steal cookies, remotely control PCs, and hijack YouTube accounts.
To prevent these breaches, YouTube could implement a lockdown mode for high-profile accounts that would prevent channel renaming, video deletion, or livestreaming options if signed in from an unknown browser or location. They could also implement a guardian system that requires second approval from another account for channel actions or additional two-factor prompts.
It's concerning that these breaches continue to occur, and it's essential for YouTube to take proactive steps to prevent them from happening in the future. The platform's users rely on it for accurate information and trustworthy content, and these scams erode that trust. We'll be keeping an eye on how YouTube responds to this situation and what measures they take to secure their platform.
