Satnam Narang, Staff Research Engineer at Tenable, the Cyber Exposure company, found dozens of compromised social media accounts that peddled fake cryptocurrency scams in the lead-up to SpaceX and Tesla CEO Elon Musk’s appearance on NBC’s Saturday Night Live. Narang estimates that scammers netted over $10 million (USD) between May 7 and 9. Narang’s analysis revealed that scammers stole over $9.4 million in Dogecoin, $609,000 in Bitcoin and at least $423,000 in Ethereum.
Popular YouTube account Wave Music Bhojpuri, a channel with 18.9 million subscribers, was hijacked during the scam campaign. Other compromised YouTube channels were also observed in the United States, Brazil, Germany, Indonesia, the Philippines, Saudi Arabia and Kazakhstan promoting phoney cryptocurrency giveaways.
The single highest-grossing Dogecoin address used in these campaigns was associated with a YouTube Live video linked to dogecoin-snl[.]com. One particular compromised YouTube channel operated by a scammer rotated multiple domains and wallet addresses to scam $1.6 million in Dogecoin. The videos on this channel drew nearly 2,000,000 viewers across several live streams.
Commenting on the success of these scam campaigns, Narang said that there’s an urgent need for heightened cybersecurity measures within social media organisations.
“The onus is on social media sites, such as Twitter and YouTube, to close down these campaigns. Proactive steps to monitor for changes of verified Twitter and YouTube channels, particularly those with a large number of subscribers, would help stop these scams in their tracks,” said Narang. “Social media organisations should enforce two-factor authentication on verified accounts with large numbers of followers or subscribers. Social media platforms need to scrutinise such accounts because verified badges are invaluable, not just to notable figures, but also the people who rely on them to identify fact from fiction. Scammers are eroding that trust. Enforcing more stringent policies for these Twitter accounts and YouTube channels won’t stop the cryptocurrency scams from persisting, but they can help stem the tide.”