On March 23, 2023, a popular tech channel on YouTube called Linus Tech Tips was hacked. Fraudsters used the channel, with its audience of 15 million, to spread cryptocurrency scams. Fortunately, YouTube has already dealt with the incident by suspending the channel, thus preventing possible massive negative consequences for subscribers.
Who is Linus Tech Tips?
First, let’s find out what this channel is. In 2008, Linus Sebastian, a 22-year-old Canadian, launched his YouTube channel on technical topics. Five years later, his channel evolved into Linus Media Group (LMG), which combines Linus’ other projects and his other YouTube channel. He also used the company to host conferences and distribute branded products associated with it. Linus Tech Tips and all the other projects posted under LMG have more than 25 million subscribers, 15 million of which come from the main YouTube account alone. For Linus, the YouTube channel is a business he has been running for almost fifteen years and where he has reached noteworthy success. Losing what you’ve nurtured for so long, much less burying your audience’s and advertisers’ trust by posting fraudulent ads, is a total disaster.
Linus Tech Tips Was Hacked
On March 23, 2023, a strange thing happened to Linus’ YouTube channel. Someone launched a series of streams with questionable content featuring Elon Musk, Cathie Wood, and other crypto-related personalities in one way or another. There was also something wrong with the titles of these streams. The first suspicious sign was the entirely irrelevant phrases about GPT-4, OpenAI development, and Tesla, none of which had anything to do with the channel. It became obvious that crooks had hijacked the channel.
In addition to the strange live broadcasts, the scammers changed the channel’s handle. Instead of the usual @LinusTechTips, they set it to @teslaliveonline1, and then changed it to @temporaryhandle. It all ended up at the @LinusTechTipsTemp tag, probably after the YouTube takeover. Moreover, the scammers deleted (or hid) all the videos posted over the last 7 years.
However, the most suspicious thing in these live broadcasts was a QR code that redirected users to a website with a Tesla badge. On this page, users were asked to send their cryptocurrency to a specific wallet. In return, they were promised double the amount back. The site claimed that all of this was sponsored by Elon Musk to increase the cryptocurrency’s popularity. However, it was a scam.
Later that day, representatives of Linus Media Group contacted the audience and reported that they were working with Google support and that the situation was improving. However, they have not given any details or recommendations for other YouTubers affected on the same day. ThioJoe, Technique, and TechLinked also reported hacks with similar consequences. In total, this could involve about 5 million more potential victims.
Everything should be blocked, and we’re figuring out the attack vector to strengthen the protection of YouTube accounts and prevent this kind of thing from happening in the future.
— LMG on Twitter
How could this happen?
Two common tricks targeting content creators on YouTube and other platforms are cookie hijacking and malicious links returned for freeware searches on Google Search. In session hijacking, victims can lose their account by clicking on a link in an email disguised as a regular security email. This link may appear legitimate and not raise suspicion even when hovering over it. However, it redirects the victim to a chain of pages that intercept the session token, giving hackers complete control over the account.
Malicious links in search results for freeware are a newer problem. Scammers redirect users to pages that resemble the actual download pages for programs like LibreOffice or Blender. Users who haven’t dealt with the original page may not notice the difference, while those who trust Google Ads may not hesitate to click on the link. Files downloaded from these links may contain the Vidar or RedLine stealer malware.
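As an added example (not from the original article, YouTube, or LMG), here is one way a defender could detect the pattern described above: a session token that suddenly shows up on an unfamiliar client and immediately performs the actions seen in this incident (handle change, videos hidden, live stream started). The audit-log format, action names, and client fingerprints are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample audit events (hypothetical format, not real platform logs):
# (minute, session token id, client fingerprint, action)
EVENTS = [
    (0,   "sess-A", "studio-pc/AS64500", "login"),
    (5,   "sess-A", "studio-pc/AS64500", "upload_video"),
    (600, "sess-A", "unknown/AS64511",   "view_dashboard"),
    (601, "sess-A", "unknown/AS64511",   "change_handle"),
    (602, "sess-A", "unknown/AS64511",   "set_videos_private"),
    (603, "sess-A", "unknown/AS64511",   "start_livestream"),
    (10,  "sess-B", "laptop/AS64500",    "login"),
    (700, "sess-B", "laptop/AS64500",    "change_handle"),
]

# Hypothetical action names for what the article reports the hijackers did.
SENSITIVE = {"change_handle", "set_videos_private", "delete_video",
             "start_livestream"}

def find_hijacked_sessions(events, window=30, min_sensitive=2):
    """Flag sessions whose token is reused from a client other than the one
    first seen with it, when that new client performs at least
    `min_sensitive` sensitive actions within `window` minutes of appearing."""
    by_session = defaultdict(list)
    for ev in sorted(events):               # order by time
        by_session[ev[1]].append(ev)
    alerts = []
    for sid, evs in by_session.items():
        issued_to = evs[0][2]  # assumption: first client seen is the owner
        first_seen, hits = {}, defaultdict(list)
        for t, _, fp, act in evs:
            if fp == issued_to:
                continue                    # owner's own client: not suspicious
            first_seen.setdefault(fp, t)    # when the foreign client appeared
            if act in SENSITIVE and t - first_seen[fp] <= window:
                hits[fp].append(act)
        for fp, acts in hits.items():
            if len(acts) >= min_sensitive:
                alerts.append({"session": sid, "issued_to": issued_to,
                               "seen_from": fp, "actions": acts})
    return alerts

if __name__ == "__main__":
    for alert in find_hijacked_sessions(EVENTS):
        print(alert)
```

The owner changing the handle from the original client (sess-B) is not flagged; only the same token replayed from a new client followed by a burst of sensitive actions is.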
Consequences of hacking Linus Tech Tips
Unfortunately, similar scams involving famous personalities like Elon Musk and Cathie Wood and promises of cryptocurrency returns have been occurring for at least three years. The essence of this fraud scheme is that gullible users or lovers of easy earnings are asked to send some cryptocurrency to a specified wallet. In return, the scammers promise to send back double the amount. Since Linus Tech Tips has an audience of 15 million, the situation becomes especially alarming, as many could fall victim to this scam. This is similar to the crypto fraud that piggybacked on Elon Musk’s participation in the Saturday Night Live show back in 2021. Considering all the channels hacked around that time, the number of potential victims could exceed 20 million people.