Hackers are increasing their efforts to target the thriving crypto sector all across the world. Hackers recently took control of multiple YouTube channels belonging to crypto-supporting influencers including Indian exchanges like CoinDCX, WazirX, and Unocoin. The hackers published video instructions in which they asked individuals to transfer money in their cryptocurrency wallets. The hackers included a wallet link in the video’s description section.
The hackers are said to have compromised YouTube servers in order to forcefully broadcast the video clip on hijacked accounts. They were seeking cryptocurrencies such as Binance, USD Coin, and Ether in exchange for “One World Cryptocurrency” (OWCY), a new and suspicious coin.
When an outraged Indian creator, Arun Maini aka Mrwhosetheboss, tweeted about the incident, he asked his followers if anyone had screen-recorded the video clip and his subscribers had managed to capture the hackers’ video. Michael Gu, the creator of the YouTube channel “Box mining,” tweeted saying that his account had been hacked. Gu stated that he had two-factor authentication (2FA) enabled, which leads him to suspect that YouTube is accountable for the hack.
Unocoin and WazirX, two popular cryptocurrency exchanges, stated to a news agency that cybercriminals managed to get control of their accounts in the early hours of Monday. Sathvik Vishwanath, CEO of Unocoin said in a statement, “We can see that there is no external login or activity on our account. It is obviously appearing as if YouTube has got hacked or should be some rouge employee at their end who could have intentionally did this or it is also possible that his computer was compromised.”
Rajagopal Menon, VP Marketing of WazirX said, there was a systematic breach on multiple crypto YouTube accounts worldwide. “Fortunately, our team caught the fraudulent video within 7 minutes of going live on our channel and deleted it. On conducting a diagnosis, we did not find any security flaw from WazirX’s end that could have given hackers access to our channel,” he added.
🧵Thread 1/5 – YouTube’s crypto community, including CoinDCX, was earlier targeted by hackers, which saw the publication of bogus videos.
The actual technique implemented by the hackers to gain access to the YouTube channels is unknown at this time. Independent cyber security analyst Rajshekhar Rajaharia believes that YouTubers employ third-party services for live streaming, analytics, among other things. He explains through an API, these third-party tools request permission, which provides a token. Now there’s a risk that hackers got their hands on these tokens and published the video exploiting these API credentials.
Prime Minister Narendra Modi’s Twitter account was temporarily compromised in December. India has “officially adopted bitcoin as legal tender,” the hacker tweeted on his account, and “the government has officially bought 500 BTC and is distributing them to all residents of the country.” An unknown group hacked the Twitter account that updates PM Modi’s official website and mobile app in September 2020.