The Linus Tech Tips YouTube hack is the latest in a string of crypto scam breaches
Popular YouTube channel Linus Tech Tips was hacked this morning, with the channel’s 15.3 million subscribers seeing crypto scam videos instead of technical hardware reviews. It’s the latest breach in a series of high-profile YouTube accounts being hacked, with fraudsters regularly accessing prominent accounts to rename them and live-stream crypto scam videos.
The main Linus Tech Tips channel was breached earlier this morning, with several videos streamed live before the hacker started making old private videos public. The account was eventually suspended, presumably as YouTube staff work to restore it. Other Linus Media Group YouTube channels, including Techquickie and TechLinked, have also been breached and given new names focused on Tesla.
It’s not immediately clear how the channels were breached, but owner Linus Sebastian tweeted that he was aware of the situation.
This is just the latest in a series of breaches that have occurred over the past year, generally designed to promote live streams that push viewers to amateurish crypto sites through links or QR codes. The British Army’s YouTube channel was hacked to promote crypto scams last year, just months before tens of thousands of “viewers” saw a fake Apple crypto scam on YouTube. Popular Vevo channels on YouTube for artists such as Lil Nas X, Drake, Taylor Swift and more were also affected by a breach last year that saw videos uploaded from an “unauthorized source”.
We’ve reached out to Google for comment on this latest YouTube incident and for information on exactly what the company is doing to protect creators here. While today’s breach may be due to a combination of passwords and two-factor authentication being compromised, it feels like YouTube could do more to prevent the damaging effects of this.
These scams have been going on for months, and one YouTuber claims they work through fake sponsors who reach out to creators. YouTubers are then convinced to download a file related to the sponsorship, which is nothing but malware designed to steal cookies, remotely control PCs, and ultimately hijack YouTube accounts.
I personally would like to see YouTube implement a lockout mode for high-profile accounts, where if you log in from an unknown browser or location (based on IP and other factors) then you can’t rename your channel or access live streaming or video deletion options for a period of time. Combined with alerts for when a new location has logged in, this could help channel owners recover their YouTube accounts before any real damage is done.
YouTube could also implement a guardian system where you would need second approval from another account to rename a channel or delete videos, or even additional two-factor requests for channel actions. This could also help reduce the impact of a YouTuber’s own machine being breached. Hopefully YouTube has some even better ideas and can get this under control because I’m tired of waking up to a phone full of notifications about rogue crypto videos from YouTube.
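To make the lockout and guardian ideas above concrete, here is a sketch of how such a policy gate could be evaluated; it is an added example, not YouTube's implementation or anything from the article. The 72-hour window, the action names and the browser/location tuples are assumptions, and the check runs on every request rather than at login so that a replayed session cookie in a new browser is still treated as unfamiliar.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

COOLDOWN = timedelta(hours=72)  # assumed; the article gives no duration
# Hypothetical action names for the operations the article lists.
LOCKED = {"rename_channel", "start_live_stream", "delete_video"}
NEEDS_GUARDIAN = {"rename_channel", "delete_video"}

@dataclass
class Account:
    # (browser fingerprint, location) -> time that pair was first seen
    contexts: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

def authorize(account, context, action, now, guardian_ok=False):
    """Decide one request from the browser/location it arrives from."""
    first_seen = account.contexts.get(context)
    if first_seen is None:
        # Unknown browser or location: record it and alert the owner.
        account.contexts[context] = first_seen = now
        account.alerts.append(f"new browser/location {context} at {now.isoformat()}")
    if action not in LOCKED:
        return "allow"
    if now - first_seen < COOLDOWN:
        return "deny: unfamiliar context in lockout window"
    if action in NEEDS_GUARDIAN and not guardian_ok:
        return "deny: guardian approval required"
    return "allow"

def demo():
    """Constructed timeline: one long-known studio browser, one new one."""
    t0 = datetime(2023, 3, 1, 9, 0)
    studio, unknown = ("fp-studio", "loc-home"), ("fp-unknown", "loc-other")
    acct = Account(contexts={studio: t0})
    t1 = t0 + timedelta(days=20)
    decisions = [
        authorize(acct, unknown, "view_analytics", t1),
        authorize(acct, unknown, "rename_channel", t1 + timedelta(minutes=1)),
        authorize(acct, studio, "delete_video", t1),
        authorize(acct, studio, "delete_video", t1, guardian_ok=True),
        authorize(acct, studio, "start_live_stream", t1),
    ]
    return decisions, acct.alerts

if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The guardian check applies even to the long-known studio browser, which is what limits the damage when the creator's own machine is the one that was compromised.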
Update March 23 at 10:05 a.m. ET: Article updated with more information on how the scam works.