Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe
  • Twitter
  • Facebook
  • LinkedIn

Fake Bitcoin, Ethereum, Dogecoin, Cardano, Ripple and Shiba Inu Giveaways Proliferate on YouTube Live

Fake Bitcoin, Ethereum, Dogecoin, Cardano, Ripple and Shiba Inu Giveaways Proliferate on YouTube Live

Scammers are leveraging compromised YouTube accounts to promote fake cryptocurrency giveaways for Bitcoin, Ethereum, Dogecoin, Cardano, Ripple, Shiba Inu and other cryptocurrencies.

For the last few years, scammers have been hijacking legitimate YouTube accounts in order to promote fake cryptocurrency giveaways through the popular video service platform. In October, Google published a blog post detailing how these YouTube accounts were being compromised.

To promote these giveaways, the scammers leverage a few key elements:

  • Notable figures in the cryptocurrency space
  • Cryptocurrency tokens rising in price along with a massive following
  • Newsworthy events

I've been monitoring these types of cryptocurrency scams on YouTube for the last few years. In this blog, I share highlights of my recent research targeting interest in cryptocurrencies such as Bitcoin (BTC), Ethereum (ETH), Dogecoin (DOGE), Cardano (ADA), Ripple (XRP), and Shiba Inu (SHIB), including details that can help YouTube users identify and avoid falling prey to these cons.

The Template

To promote the fake cryptocurrency giveaways on YouTube, scammers follow a very basic templated approach that involves five components.

  1. Each video contains a section that features an unrelated interview involving notable figures. These videos are readily available on YouTube and have been downloaded by the scammers using software and repurposed into this templatized video.
  2. More often than not, the videos contain a section dedicated to a fake tweet from the notable figures talking about the event/giveaway. This section is almost always present, but I have encountered some instances where there was no tweet.
  3. A section about the so-called giveaway “event” will describe why these notable figures are giving away cryptocurrency, which may include the total amount of cryptocurrency they will supposedly be giving away as part of this event.
  4. A section about the rules for the event, which tells viewers that if they have as little as 0.1 BTC or 1 ETH, they can expect to double it by sending it to a Bitcoin or Ethereum address. These videos do NOT contain any information about the addresses themselves.
  5. The videos contain a section that features the URL for the so-called event or giveaway. This section is not clickable, which means the user has to manually type in the URL to reach it. In some instances, the scammers may include the URL in the video description, but this is not often the case.

Please note that these components may not always be in the same position in the mockup depicted above and they may add or omit sections from their templates.

Using notable figures to add legitimacy to cryptocurrency scams

Scammers recognize that users place a lot of trust in influential voices, so they create fake videos featuring the founders and co-founders of cryptocurrencies as well as notable individuals associated with cryptocurrency companies or CEOs of companies who have promoted the use of and/or discussed the purchase of cryptocurrencies for their company balance sheets. Combined with the plethora of existing interview footage featuring many of these notable figures, scammers have developed a formula that adds legitimacy to their efforts and has continued to work for years.

Across a number of fake YouTube Live videos, I’ve seen scammers use footage of notable figures including:

  • Michael Saylor, chairman and CEO of MicroStrategy and a fervent supporter of Bitcoin
  • Vitalik Buterin, Ethereum co-founder
  • Charles Hoskinson, Cardano founder and Ethereum co-founder
  • Brad Garlinghouse, CEO of Ripple Labs
  • Elon Musk, CEO of Tesla and SpaceX

In the example above, scammers managed to compromise a YouTube account with 2.84 million subscribers, using it to promote a fake Bitcoin and Ethereum giveaway using an interview with Saylor. The video features all of the components of the template that I described earlier. The hook with this video is the price, with a prediction or claim of $150,000 per Bitcoin by the end of 2021.

In another video, scammers have taken an interview with Buterin to promote a fake Ethereum giveaway. In this instance, the scammers compromised a YouTube account with over 500,000 subscribers and pivoted it into a fake Ethereum YouTube channel. Once again, the scammers are focused on the price, as Ethereum has seen all time highs recently. This is why the video description centers around Ethereum “flying” and mentions a price prediction along with the planned merge to Ethereum 2.0 in the coming months.

Cryptocurrencies rising in price are accompanied by a massive following

Outside of well-known cryptocurrencies, like Bitcoin and Ethereum, scammers are piggybacking on the massive following for emerging cryptocurrencies that are rising in price. This is evidenced by fake YouTube Live streams featuring Hoskinson, Garlinghouse and Musk.

Scammers are using unrelated video footage of Hoskinson to promote fake Cardano giveaways. Unlike Saylor and Buterin, Hoskinson has a very active YouTube presence, going live regularly to discuss the work being done on Cardano, which provides scammers with more than enough footage to utilize in their scams. Predictably, the description of the fake livestream video above talks about the price, forecasting a $200 per token price for Cardano.

Above is a fake YouTube Live stream featuring footage of Garlinghouse, whose company is behind the cryptocurrency Ripple. Once again, the description of the video centers around the XRP price, saying the CEO believes it could reach $20.

Musk, who has become the de facto face of most cryptocurrency giveaway scams, has been used to promote fake Dogecoin and Shiba Inu YouTube Live giveaways. In the example above, the template looks like it was copy/pasted from someone else’s video because of the lack of uniformity in the placement of logos/iconography and the reference to the external URL being in a completely different font.

In another example, an interview between Musk, Jack Dorsey, CEO of Twitter and Square, and Cathie Wood, CEO of ARK Invest, is being used to promote a fake Shiba Inu giveaway on YouTube Live. Once again, this video follows in the footsteps of the fake Bitcoin, Ethereum, Cardano and Ripple giveaways, talking about the price prediction for Shiba Inu, which has seen a meteoric rise during the last year.

Tonya Riley of Cyberscoop, who has been reporting on Shiba Inu scams, published her own report referencing some of my research into these particular scams.

Scammers seize on attention surrounding newsworthy events

In May, as Musk was set to make an appearance on Saturday Night Live and speculation arose around the potential that he would promote Dogecoin, scammers began activating their strategies. The weekend of Musk’s appearance, scammers hijacked a number of YouTube accounts to promote fake Saturday Night Live streams, stealing over $9 million dollars across Bitcoin, Ethereum and Dogecoin from unsuspecting users.

In July, as Jeff Bezos, Amazon and Blue Origin founder and CEO, took to the sky as part of the first private crewed flight to space, scammers promoted fake YouTube Live streams of the news, claiming that Bezos would celebrate the flight by giving away 1,000 Bitcoin.

Of course, this was just another scam taking advantage of a newsworthy event.

Current events featuring high profile individuals offer the perfect fodder for scammers, as they can count on significant interest from audiences looking to watch livestream footage on YouTube.

Advanced fee fraud: the standard for cryptocurrency scams

As the saying goes: if it ain’t broke, don’t fix it. For cryptocurrency scammers, this adage holds true. The common thread amongst all of these fake YouTube Live streams is that users are directed to external websites that claim to double a users’ cryptocurrency, whether it be BTC, ETH, DOGE, ADA, XRP or SHIB.

Users are instructed to send the respective cryptocurrency to an address in order to receive double their cryptocurrency.

In the example above, a Bitcoin giveaway claiming to be associated with Saylor and MicroStrategy provides an address that users can send funds to in order to double their Bitcoin.

At the time that I encountered the giveaway scam video, the scammers reportedly managed to steal 41 Bitcoin, which was valued at $2.8 million.

However, since then, the address appears to have stolen over 132 Bitcoin, valued at $7.7 million as of November 19.

Similarly, scammers have managed to convince unsuspecting users to part ways with their Ethereum, Cardano, Ripple and Shiba Inu cryptocurrency through these scams.

Across a subset of YouTube Live scams that I’ve encountered over the last month, scammers have stolen at least $8.9 million dollars based on cryptocurrency prices as of November 19 at 12pm PST.

Cryptocurrency Total Value of Stolen Funds Average Per Scam
Bitcoin $8,231,064 $1,646,212
Ethereum $413,893 $82,778
Shiba Inu $239,346 $34,192

Report fake cryptocurrency giveaway videos to YouTube

To help thwart the efforts of scammers, users are encouraged to report such videos to YouTube. Reporting videos on YouTube can be done by clicking on the flag icon beneath the video and selecting the “spam or misleading” category and selecting “scams or fraud” in the dropdown menu.

By reporting these videos, there’s a chance you might save someone from losing their cryptocurrency to one of these scams.

Fake YouTube Live streams will continue to run rampant

As efforts to combat the deluge of fake YouTube Live streams promoting cryptocurrency continues, scammers will undoubtedly adapt and find new ways to promote their scams before they get caught.

For instance, a recent Shiba Inu YouTube Live scam did not feature the typical template outlined earlier in this report. Instead, it uses video footage of technical analysis of cryptocurrency charts. The page itself doesn’t reference “Shiba Inu” but instead uses the phrase “SHIBA Airdrop.” A link to the fake giveaway page is contained in the video description, rather than within the video template itself. It’s just an experiment at this point, but it is something to watch going forward.

It’s really important for users to be skeptical of such YouTube Live videos promising giveaways from notable figures such as the ones above and new individuals that may emerge in the future. Never send your cryptocurrency to participate in a giveaway that promises to double it. You won’t be able to recover them once they’ve been sent. It’s also important for viewers to help play their part and report these YouTube Live videos.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

Try for Free Buy Now
Tenable.io FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.