Twitter and YouTube Crypto Scams Are Rampant. What Do They Have in Common?

YouTube and X (former Twitter) have slowly become the preferred platforms for crypto frauds, as criminals have used all sorts of strategies to persuade people to invest, send money or simply click on dangerous links.

Despite wildly fluctuating crypto prices that should scare any potential victim, the crypto world remains attractive to many people. The sheer number and variety of attacks prove that criminals know this to be true, so they invest time and money into campaigns designed to take advantage.

YouTube and X remain the primary medium for these attacks, but there are some major differences in how threat actors use them to deploy their campaigns. At the end of the day, though, the criminals’ goals on both platforms is to persuade people to send them crypto, to buy crypto, or to fall prey to complex phishing schemes.

YouTube Takeovers

One of the most common types of crypto-related attacks on YouTube starts with the takeover of a YouTube channel. As our research recently showed, it’s not only extremely widespread as a tactic, but it also seems effective, given that much of the takeover process has been automated.

Content creators receive an email or link on a messaging platform from a company that promises a sponsorship or deal. The contract attachment, usually in PDF format, is infected with malware that steals session cookies, allowing criminals to take over the channel and change credentials. Bitdefender’s research into this phenomenon revealed that it’s widespread, with more than 1,000 YouTube channels compromised over a couple of months.

The YouTubers’ videos are often deleted and replaced with fake YouTube livestreams, fake Elon Musk interviews, and even deep fakes. The objective is to spread links to phishing/fraudulent websites and persuade victims to send any amount of cryptocurrency and, supposedly, receive double the amount back.

A similar type of campaign also promises impressive returns for anyone willing to invest in crypto and even goes as far as promoting giveaways, which are scams. No one is really offering Bitcoin or any other cryptocurrency.

X (formerly Twitter) follows a different path

While X supports video sharing, the frauds are tailored to this social network. For example, unknown people contact users claiming they’d lost access to their cypto account and need help. It’s very much like the old Nigerian price scheme, only ported into the 21^st century.

Victims are directed to access a website that looks like an investment platform, which requires them to provide personal information such as the wallet address and passwords to crypto accounts.

Another scam involves attackers who compromise legitimate accounts, usually from famous people and influencers, who promise a double return for any cryptocurrency sent their way. In some situations, these messages come from legitimate X accounts that have been taken over.

For example, the founder and leader of the Ethereum project, Vitalik Buterin, seemingly posted a message on X saying that a commemorative NFT is available for only 24 hours. In only 20 minutes, the tweet garnered the hacker almost $700,000.

Conclusion

If there’s one lesson that everyone can learn, it is that all videos or messages that urge people to invest in cryptocurrencies should immediately arouse suspicion. It’s not difficult to stay safe just by following a few simple advice:

• Be wary of live videos or recordings of famous people, especially from the tech industry, that try to persuade people to invest in cryptocurrencies. Elon Musk’s image and company are used in most frauds on YouTube.
• Don’t click on embedded links or QR codes
• No one offers cryptocurrency for free
• No one will ask for cryptocurrencies with the promise of a hefty return
• No one needs your credentials or accounts to recover lost cryptocurrencies
• Use security solutions on all your devices, such as Bitdefender Total Security for Windows, macOS and Linux, and Bitdefender Mobile Security for Android and iOS, that can stop people from interacting with phishing websites and downloading malware.