Cryptocurrency Scam Targets YouTubers With Phony Brand Deals - How to Spot a Fake

In early February, Google revealed that its popular video-hosting service, YouTube, made $15 billion in 2019. Through ads placed on the site and in front of videos, content creators are able to earn revenue and reach an ever-expanding audience of consumers. As lucrative as content production can be, content creators have recently become a target for scammers hoping to make a quick buck. A hacked YouTube channel can be turned into an ad-revenue-generating machine or a livestream cryptocurrency scam waiting for users to inadvertently encounter.

Phishing scams, which send links meant to take personal information under the guise of popular web addresses, have been targeting YouTubers with fake brand deals. Over the past two months, builders BrickBros Productions and musician PoGo have had their channels taken over, videos privated and content replaced by cryptocurrency livestreams. Both targets eventually got their channels returned after about a week of negotiation. They also did not return a request for comment from Newsweek.

These fraudulent livestreams feature tens of thousands of viewers (which are potentially paid-for bots) and have links in their descriptions for "BitCoin giveaways." They claim potential users that donate smaller amounts of Bitcoin will be given larger amounts in return, with one particular livestream advertising a "5,000 BTC" giveaway. This allows a scammer the opportunity to profit off those who fall for these false promises.

Neebs Gaming is described as a "comedic-cinematic gaming channel" that's been creating content on YouTube for the past 11 years for more than 1.8 million subscribers. On February 15, channel owner Tony Schnur noticed he was unable to log into his account and that its name had been changed to "Coinbase Pro," with a livestream of cryptocurrency talks constantly running.

"One of our editors received a sponsorship offer for his channel from a company advertising editing software," Schnur told Newsweek. "He downloaded the software while logged into our account, which enabled someone to gain access to our channel."

In the email obtained by Newsweek, the sender claims to be a representative for a "SplashUp Light" company and is willing to pay "$2,000 for one preroll" ad. SplashUp Light is a free, flash-based photo editing software developed in 2007 by Faux Labs. The company declared bankruptcy in 2014.

This same email, though slightly longer, was sent to other content creators claiming to be offering a "new extension for Windows."

Those who respond to the email connect with a "SplashUp Light" representative and, within minutes, they'll ask "about your base price for such advertising" on your channel. When you agree to a price, they send over a list of steps that requires a 25-to-30 second clip "where you transfer the essence of the project in a compressed video and demonstrate the application (photo editor from SplashUp Light) installed on the computer."

If one agrees to that condition, a document containing a link to a website for "SplashUp 4" is sent, which presumably downloads the malware onto a victim's computer. "SplashUp 4" cannot be found anywhere else online, and the domain for its website is registered in Russia. This brand deal appears to be a scam designed to steal the login information of YouTube accounts and then hold them hostage till officials intervene.

"Ever since crypto went mainstream there have been a variety of scams to gain access to private keys across literally every platform," Ryan Detert, CEO of Influential, which connects brands to influencers using AI, told Newsweek. "Scammers have recently upleveled their sophistication by using livestreaming tactics to create a greater sense of urgency and FOMO."

This phishing scam can take multiple forms. Fabian Padilla, who runs the GamerThumbTV channel with 55,000 subscribers, received an email about a potential sponsorship for a PC optimization program called "AutoFaucets." Like SmashUp Light, the product does not currently exist online.

"The program wasn't loading up, and they sent me a 'fixed file,'" Padilla said. "Turns out this was spyware that stole my login for YouTube."

After downloading the program, the ownership of the channel was changed and Padilla was unable to log back in. The channel was eventually returned back to him after two weeks of correspondence with Google representatives.

Padilla claims he had started receiving "ransom emails from the scammer," asking for $450 delivered to a Bitcoin wallet in order to get his channel back. The channel was also being sold on the EpicNPC forums, where users can purchase monetized channels through a Skype or Gmail contact. Responding to an ad on the website returned an offer for a channel that "include[s] 1k+ subscribers and 4k+ watching hours" for $399.

Channels that want to avoid this phishing scam should work with companies that can confirm their legitimacy. Brand deals either come directly from a brand, a Multi-Channel Network, a manager you've already worked with or an integrations manager that contacts brands directly to manage their advertising budget. A real brand deal wouldn't have the initial rate featured up front, because a legitimate company wouldn't bother calculating how much an ad is worth before a potential client has expressed interest.

Affected content creators should make it clear that these livestreams are not legitimate and announce that subscribers should not click on any links in their compromised profiles.

We take account security very seriously and regularly notify users when we detect suspicious activity," a YouTube spokesperson said in a statement to Newsweek. Though Google accounts are secured "with automatic and built-in protections," users can use two-factor authentication or perform a security check on their account. If an account is compromised, members are asked to contact Google for assistance.

Coinbase Pro has not yet responded to a request for comment.