YouTube logo is seen displayed on a smartphone and red alerting word HACKED on the blurred background
Image Courtesy: Rafael Henrique

YouTube channels of crypto startups, creators fall victim to hacking and scamming attempts

Hackers are increasing their efforts to target the thriving crypto sector all across the world. Hackers recently took control of multiple YouTube channels belonging to crypto-supporting influencers including Indian exchanges like CoinDCX, WazirX, and Unocoin. The hackers published video instructions in which they asked individuals to transfer money in their cryptocurrency wallets. The hackers included a wallet link in the video’s description section.

YouTube logo is seen displayed on a smartphone and red alerting word HACKED on the blurred background
Image Courtesy: Rafael Henrique

The hackers are said to have compromised YouTube servers in order to forcefully broadcast the video clip on hijacked accounts. They were seeking cryptocurrencies such as Binance, USD Coin, and Ether in exchange for “One World Cryptocurrency” (OWCY), a new and suspicious coin.

When an outraged Indian creator, Arun Maini aka Mrwhosetheboss, tweeted about the incident, he asked his followers if anyone had screen-recorded the video clip and his subscribers had managed to capture the hackers’ video. Michael Gu, the creator of the YouTube channel “Box mining,” tweeted saying that his account had been hacked. Gu stated that he had two-factor authentication (2FA) enabled, which leads him to suspect that YouTube is accountable for the hack.

Accounts who appear to have been targeted by the attack include: ‘BitBoy Crypto’, ‘Altcoin Buzz’ among others
Image source: Box Mining via Twitter

Unocoin and WazirX, two popular cryptocurrency exchanges, stated to a news agency that cybercriminals managed to get control of their accounts in the early hours of Monday. Sathvik Vishwanath, CEO of Unocoin said in a statement, “We can see that there is no external login or activity on our account. It is obviously appearing as if YouTube has got hacked or should be some rouge employee at their end who could have intentionally did this or it is also possible that his computer was compromised.”

Rajagopal Menon, VP Marketing of WazirX said, there was a systematic breach on multiple crypto YouTube accounts worldwide. “Fortunately, our team caught the fraudulent video within 7 minutes of going live on our channel and deleted it. On conducting a diagnosis, we did not find any security flaw from WazirX’s end that could have given hackers access to our channel,” he added.

The actual technique implemented by the hackers to gain access to the YouTube channels is unknown at this time. Independent cyber security analyst Rajshekhar Rajaharia believes that YouTubers employ third-party services for live streaming, analytics, among other things. He explains through an API, these third-party tools request permission, which provides a token. Now there’s a risk that hackers got their hands on these tokens and published the video exploiting these API credentials.

Prime Minister Narendra Modi’s Twitter account was temporarily compromised in December. India has “officially adopted bitcoin as legal tender,” the hacker tweeted on his account, and “the government has officially bought 500 BTC and is distributing them to all residents of the country.” An unknown group hacked the Twitter account that updates PM Modi’s official website and mobile app in September 2020.