The_Nevo

Stolen YouTube Channels used to promote bitcoin scams


Posted (edited) · Original PosterOP

There is a huge hack on dozens of European-based YouTube channels. An unknown hacking group, supposedly based in Russia, is currently using stolen channels to promote their bitcoin scam.

Quote

Someone hacked my YouTube Channel with over 310,000 Subscribers and deleted all my videos. What to do? I can't contact anyone, please help. @YTCreators - Roth Wellden, one of the victims via Twitter

 

Yesterday, a YouTuber called Roth Wellden received an advertising offer for their supposed streaming service called Gloom (which was later found to be a copy of another product called Remotr) with a link to their page and a supposed license for their product. When he downloaded the setup program for their "product" and tried to launch it, nothing happened. It was at this moment that he realized something was wrong, so he deleted that setup file. However, later that day he suddenly lost complete access to his channel with over 319 000 subscribers. Hackers were able to bypass two-factor authentication and quickly gain full access to his account. About two hours later he found out that hackers even stole pictures of his ID card, which he had saved on his computer for authentication purposes. Roth Wellden regained access to his channel on the 31st of December 2019.

 

Update (2nd of January 2020):
The hack in the example mentioned above was probably executed via malware hidden in the setup file Roth downloaded, which stole the cookies and session ID of his browser and created a backdoor to his computer, which hackers used to access his computer, stealing more data. At the time of writing this update, YouTube has reinstated most of the affected channels, but the threat is still present, so be aware of exactly what email you are opening, as you should be all the time.

 

It was later found out that this problem happened to multiple YouTube channels, all based in Europe. For example:

https://www.youtube.com/channel/UCDkprLUEGpaaeXXSN6fIeDg
https://www.youtube.com/channel/UC-Ew7ux-YFW5dynuymiU_xw

https://www.youtube.com/channel/UCnppe64ZYf9r5r6kuR94PYQ

 

As you can see, all affected channels are renamed to "Binance" or "Changpeng Zhao [Binance CEO CZ]"; however, Mr. Zhao himself said that neither he nor his company is involved in those attacks and that attackers are using their names for malicious purposes.

Quote

Alert! Scammers are impersonating official Binance accounts and tweeting to ask for deposits to specific addresses in return for gifts. You will lose your tokens if you do this! Binance will never ask you to send coins directly to any address for any reason. - Binance via twitter

 

Some channels were later sold to other people to use for a multitude of other cryptocurrency scams, as in the case of the first channel listed above.

 


   Stolen channel being offered on Russian market

 

Sources: (Disclaimer: articles are in Czech language)

https://tn.nova.cz/clanek/ceskemu-youtuberovi-ukradli-ucet-s-310-tisici-lidmi-smazali-i-videa.html

https://refresher.cz/78829-Ceskemu-youtuberovi-s-300-000-odberateli-ukradli-ucet-Jeho-kanal-ted-vysila-podvodny-stream-o-kryptomenach?fbclid=IwAR1Cox1UFCXEKUsr4n8GshDR4fqLJQVdY-IHPrkk1yZaIsGgJLWrSfkmljc&gdpr-accept=1

https://freebit.cz/uz-nejste-vlastnikem-kanalu-roth-wellden-krypto-scam-zasahl-youtubery/

 


          Example of hacked channel.


           Example of email with said offer. Some people report that they had a link to GameGloom website which contained infected setup file they downloaded.

Edited by The_Nevo
Added additional info and updated the topic
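The update in the post above attributes the two-factor bypass to stolen browser cookies and a stolen session ID. The sketch below is an added example, not part of the original post and not a description of how YouTube or Google handle sessions: it shows why a bearer session cookie skips 2FA entirely, and two server-side checks (context binding and step-up re-authentication) that limit what a copied cookie can do. All names, action labels and values are constructed for illustration.

```python
import hashlib, hmac, secrets, time

SENSITIVE = {"rename_channel", "delete_videos", "transfer_ownership"}  # constructed names
REAUTH_WINDOW = 300  # seconds a fresh password+2FA check covers sensitive actions

class SessionStore:
    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._sessions = {}

    def _fingerprint(self, user_agent, network):
        # Coarse client context. Malware running on the victim's own machine can
        # copy it, so this raises the bar but does not replace step-up checks.
        msg = f"{user_agent}|{network}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def login(self, user, user_agent, network, now=None):
        # Called only after the password AND the second factor were verified.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "fp": self._fingerprint(user_agent, network),
                                 "authed_at": time.time() if now is None else now}
        return token

    def authorize_naive(self, token, action):
        # Bearer-only: whoever presents the cookie is the user; 2FA never runs again.
        return "allow" if token in self._sessions else "deny"

    def authorize(self, token, action, user_agent, network, now=None):
        s = self._sessions.get(token)
        if s is None:
            return "deny"
        if not hmac.compare_digest(s["fp"], self._fingerprint(user_agent, network)):
            del self._sessions[token]  # context changed: revoke, force a full login
            return "deny"
        now = time.time() if now is None else now
        if action in SENSITIVE and now - s["authed_at"] > REAUTH_WINDOW:
            return "reauth"  # step-up: ask for password + second factor again
        return "allow"

def demo():
    # Constructed scenario: 'stolen' is the cookie value copied off the victim's disk.
    store, ua, net = SessionStore(), "Firefox/71 Windows", "AS-home"
    stolen = t = store.login("creator", ua, net, now=0)
    return (store.authorize_naive(stolen, "delete_videos"),
            store.authorize(t, "view_stats", ua, net, now=3600),
            store.authorize(t, "rename_channel", ua, net, now=3600),
            store.authorize(stolen, "rename_channel", "Chrome/79 Linux", "AS-other", now=3700),
            store.authorize(t, "view_stats", ua, net, now=3800))
```

The last two results in `demo()` show the replay from a different client being denied and the session revoked, so the legitimate owner is pushed back through a full login.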

It's not a "massive hack", it's called a phishing attack. These are extremely common nowadays, I get emails asking for price quotes with Excel files and when you open them some sort of shit happens and there goes your data.


3 minutes ago, Levent said:

It's not a "massive hack", it's called a phishing attack. These are extremely common nowadays, I get emails asking for price quotes with Excel files and when you open them some sort of shit happens and there goes your data.

It's all so typical that many big companies just simply filter out all attachments from any incoming mail outright. I didn't bother checking any of the YouTube channels mentioned, but I'm going to assume they're all rather inexperienced people wrt. technology, because people with even cursory knowledge these days know not to open files from emails.


5 minutes ago, WereCatf said:

It's all so typical that many big companies just simply filter out all attachments from any incoming mail outright. I didn't bother checking any of the YouTube channels mentioned, but I'm going to assume they're all rather inexperienced people wrt. technology, because people with even cursory knowledge these days know not to open files from emails.

There is at least one with almost a million subs. I guess YouTube is not feeding them enough nowadays.


47 minutes ago, Donator_HD said:

The business email mentions the page gamegloom.com, but the real page is remotrapp.com

WTF is a "business mail" lmao 

 

Try learning not to click on random links on emails.  Fullstop. 


57 minutes ago, floofer said:

It’s pretty simple custom to not click on dodgy links that go to a download or whatnot. 

Doesn't always work that way. When someone is only trying to get their day's work done they are not going to be thinking about scams and stuff.


Nth YouTuber victim of a phishing attack. It's like they don't even learn from each other's mistakes.



When they contact tech support this should be the song that plays :

 

 

 


11 minutes ago, EverydayTV said:

 

 

Got my email today ? 

 

 

Oh wow, it sucks to be a youtuber nowadays huh. Glad you are an aware content creator.


22 hours ago, Bcat00 said:

Doesn't always work that way. When someone is only trying to get their day's work done they are not going to be thinking about scams and stuff.

Business mail means nothing because I have had a couple times where suspect emails have gotten through regardless of filters. It was a stupid thing to do and it is a pretty basic security concept to not click on links you know little about not to mention downloading and running an executable. 

Posted · Original PosterOP
18 hours ago, EverydayTV said:

Their registered domain info, not sure if this will help. 

IMG_20191231_014608.jpg

We know. All info we got was forwarded to the Czech police. 

18 hours ago, EverydayTV said:

Screenshot_2019-12-31-01-24-52-829_com.yahoo.mobile.client.android_mail.thumb.jpg.404068de1f1e4cf24ca73afb1a76200c.jpg

 

Got my email today ? 

 

 

 

Whilst I would still treat this carefully, and personally I wouldn't want this kind of ad revenue support, if I did this looks legitimate enough to do some looking into. All it would take is someone a tad less cautious than me and I can see how they'd get caught.


Do not open email on your computer that has so many authentications and ways to go around the authentications. Sounds like he got phished and since he put everything on one computer with ways to get around his own security it cannot be fully blamed on the person who stole his information. Sucks when this happens but it shows how important proper security practices are and why there are entire departments/companies that specialize in this. Hopefully people on youtube do not get scammed from the videos as they look very obvious lol. 
