- Hackers appear to have taken over several big
YouTube channels in recent weeks, changing the channels' names to topics like "SpaceX" or "Elon Musk" and promotingBitcoin scams. - The hacked channels, some of which have tens or hundreds of thousands of subscribers, post videos urging people to send Bitcoin in order to be paid back double — a common
scam tactic. - It bears similarities to the tactics used by hackers who compromised hundreds of high-profile Twitter accounts last month.
- Unlike the Twitter
hack , there's no evidence that hackers compromised YouTube's internal tools or systems — but the hacks keep compromising big channels.
As SpaceX and NASA made history last week with their first ever spaceflight together, millions flocked to YouTube to watch astronauts return to Earth.
Tens of thousands of those viewers unwittingly clicked on videos that appeared to be official SpaceX livestreams, posted by seemingly legitimate YouTube channels with hundreds of thousands of subscribers. Instead, they were met with "Bitcoin giveaway" messages urging them to send Bitcoin in order to be paid back double — a common scam tactic.
Hackers appear to have compromised several high-profile YouTube channels in the past week, changed the channel names to hot-button topics like SpaceX or Elon Musk, and promoted Bitcoin scams. The trend was pointed out Monday by esports commentator Rod Breslau.
—Rod Breslau (@Slasher) August 4, 2020
The tactics appear similar to those employed by the hackers who compromised Twitter last month, taking over verified accounts, including Kim Kardashian's and Barack Obama's, and using them to promote Bitcoin scams.
But while the Twitter breach was the result of hackers gaining access to Twitter's internal tools and systems, it's possible that each hacked YouTube channel was taken over separately, without hackers compromising YouTube's internal tools. Nonetheless, hacked channels promoting Bitcoin scams appears to be pervasive on YouTube.
A YouTube spokesperson did not immediately respond to a request for comment, but some hacked channels were disabled shortly after Business Insider asked YouTube about them.
The channels highlighted by Breslau aren't the only ones that appear to have been compromised.
As of Tuesday morning, a cursory search for "SpaceX NASA" on YouTube directed users to a live video with 36,000 viewers entitled "Elon Musk Interview from Air Warfare Symposium about SpaceX Crew Dragon & NASA 2020," posted by a channel called "Live News" with a SpaceX logo as its avatar.
Those changes were made recently — the channel's social media links show that it originally belonged to a Croatian gaming YouTuber who was promoting his YouTube channel as recently as yesterday. The channel was disabled shortly after Business Insider asked YouTube about it on Tuesday.
Hackers have been employing similar tactics on YouTube since at least November 2019, according to MarcoStyle, a gaming YouTuber who was hacked last year.
In a video explaining the hack, MarcoStyle said his channel was compromised after he was tricked into clicking a malicious phishing link in an email. From there, hackers were able to reconfigure his channel as a "brand channel," enabling it to be managed by multiple other Google accounts.
MarcoStyle said he thinks the hack could have been curtailed if YouTube required two-factor authentication for logins or to upload videos.
"We really can't expect YouTube to instantly fix the mess that I created [by clicking the phishing link]," he said in the video. "That being said, I do wish YouTube had a few other security options."
Sending malicious links in emails is one of the most common tactics employed by hackers. Email scams cost businesses $1.7 billion in 2019, according to the FBI, and a FireEye study found that 91% of all cybercrimes start with an email.