Skip to content
by
  • Products
  • Free Tools
  • Search
  • Free Sophos Home
XG Firewall
Next-Gen Firewall
Intercept X
Next-Gen Endpoint
  • Sophos Cloud Optix
  • Sophos Central
  • Sophos Mobile
  • Intercept X for Server
  • Secure Wi-Fi
  • Phish Threat
  • SafeGuard Encryption
  • Secure Email
  • SG UTM
  • Secure Web Gateway
For Home Users

Sophos Home protects every Mac and PC in your home

Learn More
Free Security Tools
Free Trials
Product Demos
Have you listened to our podcast? Listen now

Bitcoin scammers take YouTube channels for a SpaceX ride

11 Jun 2020 4 Cryptocurrency

Post navigation

Previous: Microsoft squishes 129 bugs with Patch Tuesday updates
Next: Crooks hijack “Black Lives Matter” to spread zombie malware
by Lisa Vaas

Crypto scammers hijacked three YouTube channels to impersonate Elon Musk’s SpaceX channel, offering bogus BTC giveaways that earned them nearly USD $150,000 over the course of two days.

The scamming channels were first reported on Hacker News. Bleeping Computer followed up with a full report.

According to Bleeping Computer and the reports filed in the BitcoinAbuse database, the scammers took over legitimate YouTube accounts and changed the branding to look like that of Elon Musk’s rocket company. They were caught live-streaming footage of the founder as he spoke at conferences and during interviews.

The hijacked YouTube channels – previously known as Juice TV, Right Human, and MaximSakulevich – were renamed Space X Live or SpaceX after crooks got control of them. Then, the channels were used to push scams that asked for a small amount of Bitcoin in exchange for double their money back.

The hijacked accounts came with sizable numbers of subscribers: one had 230,000 followers, while another had 131,000. The legitimate SpaceX YouTube channel has 4.33 million subscribers.

The ruse worked. As of Tuesday, there were 80,000 people watching the live stream. Since 8 June, the scam had generated close to $150,000 in bitcoins.

Before they got yanked for violating YouTube policy, the channels running these scams were asking people to send bitcoins to two addresses. One wallet recorded 85 transactions, receiving 11.25 BTC, while a second, with 37 transactions, took in 5.51 BTC.

The bitcoin addresses were reported to the BitcoinAbuse database – a good place to check on whether an address has been reported for milking people.

Musk is a tasty target

With a following as big as the legitimate SpaceX, it’s easy to see why this isn’t the first time that Musk and his rocket company have been used to promote a crypto scam.

In October 2018, we saw it happen on Twitter. In spite of only being up for 12 hours, 17 people fell for it. The scammers made 1.623 BTC, which at the time was worth over $10,000 USD.

24/7 threat hunting, detection, and response delivered by an expert team as a fully-managed service.
Learn More

Cryptocurrency giveaway scams are popular among fraudsters. They typically target users of Ethereum and Bitcoin, two of the most popular cryptocurrencies. They lure in victims by offering free coins online. All the victims have to do is first send a small amount of the cryptocurrency to the address before they receive a beaucoup return. Of course, victims get no beaucoup. Instead, they get bupkus: no double-your-money-back, no return of the money originally sent.

It’s a variant of the age-old 419 scams that have plagued email users. In 419 scams, the crooks claim to be high-ranking officials needing to get money overseas. They ask victims to send them a small amount of money in exchange for millions. Predictably enough, the money never comes.

How scammers hijack accounts

If you’re a scammer looking to fleece a crowd of loyal followers to pitch one of these scams to – as in, somebody else’s loyal followers – the easiest thing to do is take over an existing account. We don’t know how the SpaceX scammers got hold of the YouTube channels they hijacked, but one (unfortunately likely!) possibility is that the channel owners reused their credentials somewhere else.

If there was a breach at one of the other places where the rightful account holders used the same username/password, then automated tools could have made it a snap for crooks to take the breached credentials and plug them in to see what other accounts they’d unlock. It’s why password reuse=rotten idea!

Another possibility: the rightful account holders might have used flimsy passwords that were easy to guess. Don’t know how to pick a strong password? Here’s how.

Overwhelmed by your ever-swelling collection of passwords? By all means, use a password manager. They might not be perfect, but they’ve stood strong against flaws.

While you’re at it, turn on two-factor authentication (2FA) for any online accounts that support it – it’s a minor inconvenience for you, but a significant stick to poke between crooks’ spokes.

Latest Naked Security podcast

LISTEN NOW

Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.

  • Follow @NakedSecurity on Twitter for the latest computer security news.

  • Follow @NakedSecurity on Instagram for exclusive pics, gifs, vids and LOLs!

Free tools

Sophos Firewall Home Edition

Boost your home network security.

Sophos Scan & Clean

Free second-opinion scanner for PCs.

Sophos Cloud Optix

Monitor 25 cloud assets for free.

Post navigation

Previous: Microsoft squishes 129 bugs with Patch Tuesday updates
Next: Crooks hijack “Black Lives Matter” to spread zombie malware

4 comments on “Bitcoin scammers take YouTube channels for a SpaceX ride”

  1. Pete says:
    June 12, 2020 at 11:14 am

    I was rather disturbing to see the ‘Space X channel’ with this one as the top video when I logged into Youtube on my Xbox, pretty poor how long this stayed as a featured channel. I did take part in the live comments just repeating it is a scam but there are so many bot comments saying they got BTC back. It’s poor form on Youtube for not getting on top of this with any urgency whatsoever, I reported it but nowt happened. Big corps like Facebook and Google have a hard task with so much content out there but they also have vast reserves of money, easy to employ humans to monitor and remove this stuff. It will cost the if they don’t, Facebook ignore the Cambridge analytic scandal and look where it got them.

    Reply
  2. Matthias says:
    June 16, 2020 at 5:06 pm

    Can confirm, I also reported several channels, but they stayed online for at least further 30 minutes, until they were taken down. Many bitcoins (=dollars) were lost due to the slow reaction of youtube itself…

    Reply
  3. Sj says:
    July 7, 2020 at 9:02 pm

    Where is YouTube’s accountability in this???? It’s July 7th and I just had an ad for one of these scams play on my YouTube – as an ad before legit content. YouTube is liable.

    Reply
  4. Sj says:
    July 7, 2020 at 9:04 pm

    Part of the issue is that YouTube does not have an easy reporting system for scams like this – and no way to flag fraud ads (this came up as an ad not a channel)

    Reply

What do you think? Cancel reply

Recommended reads

Nov03
by Paul Ducklin
0

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

Dec12
by Paul Ducklin
0

Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties

Jan12
by Paul Ducklin
12

S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]

  • About Naked Security
  • About Sophos
  • Send us a tip
  • Cookies
  • Privacy
  • Legal
  • Intercept X
  • Intercept X for Server
  • Intercept X for Mobile
  • XG Firewall
  • Sophos Email
  • Sophos Wireless
  • Managed Threat Response
  • Cloud Optix
  • Phish Threat
© 1997 - 2023 Sophos Ltd. All rights reserved. Powered by WordPress VIP