Multiple YouTube channels under the Linus Media Group (LMG) brand have been restored after being hijacked by crypto scammers. The main Linus Tech Tip YouTube channel, which has amassed over 15 million subscribers, went offline on Thursday, as did the TechQuickie and TechLinked channels. It appears all three were impacted by the same hackers.
The channels stayed live briefly early Thursday morning, promoting bogus livestreams that included pre-recorded footage of tech personalities like Elon Musk and Jack Dorsey talking about cryptocurrency. The streams redirect to websites embedded with cryptocurrency scams.
Before the accounts were suspended, the hackers also revealed several videos on the channel that had been set to Private, including approval video drafts for sponsors and test clips. After all three channels were brought back, the main Linus Tech Tips channel released a video explaining what happened.
The accounts were compromised through a session token attack. An employee opened a malicious file that compromised their browser, which was logged into the LMG channels. This type of attack means bypasses the need for a password, and more importantly, bypasses any two-factor authentication.
LMG isn’t the first to experience this type of hack. Over the past year, several fake VEVO channels have popped up around large album releases that promote the same fake livestream. Some of the artists include Kendrick Lamar and Drake.
These types of scams can spread quickly due to how they’re designed. If you’re subscribed to a channel, YouTube will notify you when the channel starts a livestream, unlike when the channel simply uploads a video. The scammers generally change the name and icon of the channel, and due to overtaking popular, Verified channels, display a badge indicating they’re a legitimate channel.
That was the case for LMG. The main Linus Tech Tips YouTube channel retained its logo and badge, but the other smaller channels had their logo changed to a Tesla logo. The channels are generally renamed to “teslaliveonline” or something similar.
YouTube has seen an uptick in hackings from crypto scammers over the past year, and the company has yet to implement any features to mitigate the problem. Given the wide-reaching nature of the hacks, and the high-profile channels they can target, it’s clear the platform needs features to reduce the potentially devastating impact of a hack like this.
