Through yet another fake YouTube cryptocurrency giveaway, some scammers have made away with more than $1,680,000 from their victim's crypto wallets after promising immediate high returns on cryptocurrency investments.

Group-IB, a Singapore-headquartered cybersecurity firm, disclosed this on Friday on its website.

The scammers defrauded the victims of the said sum between February 16 and 18, 2022, Group-IB said, adding that the exact number of victims and the total amount of stolen funds remains unknown.

The scammers were said to have run 36 fabricated cryptocurrency giveaways via YouTube streams and used footage of Elon Musk, Vitalik Buterin, Michael Saylor and other crypto enthusiasts from legitimate events to create their own fraudulent streams.

These YouTube channels appear to have either been hacked or purchased from underground markets, the company said.

Group-IB explained: “On average, such streams attracted between 3,000 and 18,000 viewers. One fake stream featuring footage of Vitalik Buterin drew more than 165,000 viewers who were promised that their crypto savings would be doubled in real-time.”

The Scammers’ Gimmicks

According to Group-IB, the scammers spread links to their websites in the description pages of their YouTube streams. These websites, the company noted, had been designed to show visitors “the mechanism behind a fake giveaway.”

Several domain names often displayed one and the same crypto wallet address, the company further said, adding that its experts detected more than 30 crypto wallets used for the scheme with a total remaining balance of $933,963.

Group-IB said its analysis of the scammers’ domain infrastructure revealed that the 29 websites were part of a massive network of 583 interconnected resources all set up in the first quarter of 2022.

“Notably, there were three times as many domains registered for this scheme in less than three months of 2022 compared to the whole of last year,” the firm said.

YouTube crypto giveaway scam
Source: Group-IB

The most popular cryptocurrency used by fraudsters as part of the scheme was Ethereum, the company added.

Further, the cybersecurity company said its Computer Emergency Response Team (CERT-GIB) experts had initially retrieved the links to 29 interconnected websites featuring the guidelines on how to double the cryptocurrency investments.

Most of the websites were said to have used a similar eye-catching design and high-quality images related to cryptocurrency.

Group-IB explained: “When analyzing scam websites promoted during the fake streams, CERT-GIB experts detected an unusual technique.

“Depending on the cryptocurrency and type of crypto wallets, scammers asked visitors to their fake giveaway website to enter seed phrases to connect their wallets.

“Once a victim shares their seed phrase, fraudsters gain control over their wallet and can withdraw all funds from it. The exact number of victims and total amount of stolen funds remains unknown, but clearly, some victims could not resist taking the bait.”

Therefore, the cybersecurity firm urged crypto wallet users to be especially vigilant about free giveaways and not to share confidential data on rogue websites.

In addition, it urged users to double-check the legitimacy of the streams and the websites they are visiting using official sources only.

“If you cannot find any information about the promotion taking place, you are likely being deceived. Seed phrases must be kept secret and stored securely,” it advised.

“To do so, use password management tools. To minimize the risk of leakage, prioritize desktop solutions over cloud-based ones,” Group-IB added.

Rising Crypto Scams

There has been an increasing number of crypto scams in the past few years. Last year, illegal crypto transactions hit a record high.

A report by Chainalysis, a blockchain data platform, showed that illegal crypto addresses received almost $14 billion in 2021, compared to $7.8 billion in 2020.

Social media has been an important source for scammers using the names and pictures of celebrity crypto enthusiasts to perpetuate crypto scams.

The Co-Founder of Apple, Steve Wozniak, in July 2020, sued YouTube for its alleged inaction against bitcoin scams using his images and videos to lure potential victims.

In September 2021, Canada’s Vancouver Police Department (VPD) revealed that residents lost $2 million to cryptocurrency scams within a week alone.

Furthermore, corporate entities are not left out of the mix. Virtu Financial, Inc., an electronic market maker, in January this year issued a public warning to warn against cryptocurrency scammers posing as its affiliates.

Through yet another fake YouTube cryptocurrency giveaway, some scammers have made away with more than $1,680,000 from their victim's crypto wallets after promising immediate high returns on cryptocurrency investments.

Group-IB, a Singapore-headquartered cybersecurity firm, disclosed this on Friday on its website.

The scammers defrauded the victims of the said sum between February 16 and 18, 2022, Group-IB said, adding that the exact number of victims and the total amount of stolen funds remains unknown.

The scammers were said to have run 36 fabricated cryptocurrency giveaways via YouTube streams and used footage of Elon Musk, Vitalik Buterin, Michael Saylor and other crypto enthusiasts from legitimate events to create their own fraudulent streams.

These YouTube channels appear to have either been hacked or purchased from underground markets, the company said.

Group-IB explained: “On average, such streams attracted between 3,000 and 18,000 viewers. One fake stream featuring footage of Vitalik Buterin drew more than 165,000 viewers who were promised that their crypto savings would be doubled in real-time.”

The Scammers’ Gimmicks

According to Group-IB, the scammers spread links to their websites in the description pages of their YouTube streams. These websites, the company noted, had been designed to show visitors “the mechanism behind a fake giveaway.”

Several domain names often displayed one and the same crypto wallet address, the company further said, adding that its experts detected more than 30 crypto wallets used for the scheme with a total remaining balance of $933,963.

Group-IB said its analysis of the scammers’ domain infrastructure revealed that the 29 websites were part of a massive network of 583 interconnected resources all set up in the first quarter of 2022.

“Notably, there were three times as many domains registered for this scheme in less than three months of 2022 compared to the whole of last year,” the firm said.

YouTube crypto giveaway scam
Source: Group-IB

The most popular cryptocurrency used by fraudsters as part of the scheme was Ethereum, the company added.

Further, the cybersecurity company said its Computer Emergency Response Team (CERT-GIB) experts had initially retrieved the links to 29 interconnected websites featuring the guidelines on how to double the cryptocurrency investments.

Most of the websites were said to have used a similar eye-catching design and high-quality images related to cryptocurrency.

Group-IB explained: “When analyzing scam websites promoted during the fake streams, CERT-GIB experts detected an unusual technique.

“Depending on the cryptocurrency and type of crypto wallets, scammers asked visitors to their fake giveaway website to enter seed phrases to connect their wallets.

“Once a victim shares their seed phrase, fraudsters gain control over their wallet and can withdraw all funds from it. The exact number of victims and total amount of stolen funds remains unknown, but clearly, some victims could not resist taking the bait.”

Therefore, the cybersecurity firm urged crypto wallet users to be especially vigilant about free giveaways and not to share confidential data on rogue websites.

In addition, it urged users to double-check the legitimacy of the streams and the websites they are visiting using official sources only.

“If you cannot find any information about the promotion taking place, you are likely being deceived. Seed phrases must be kept secret and stored securely,” it advised.

“To do so, use password management tools. To minimize the risk of leakage, prioritize desktop solutions over cloud-based ones,” Group-IB added.

Rising Crypto Scams

There has been an increasing number of crypto scams in the past few years. Last year, illegal crypto transactions hit a record high.

A report by Chainalysis, a blockchain data platform, showed that illegal crypto addresses received almost $14 billion in 2021, compared to $7.8 billion in 2020.

Social media has been an important source for scammers using the names and pictures of celebrity crypto enthusiasts to perpetuate crypto scams.

The Co-Founder of Apple, Steve Wozniak, in July 2020, sued YouTube for its alleged inaction against bitcoin scams using his images and videos to lure potential victims.

In September 2021, Canada’s Vancouver Police Department (VPD) revealed that residents lost $2 million to cryptocurrency scams within a week alone.

Furthermore, corporate entities are not left out of the mix. Virtu Financial, Inc., an electronic market maker, in January this year issued a public warning to warn against cryptocurrency scammers posing as its affiliates.