Our Take on YouTube Bitcoin Scams

The Gemini Security team has seen an increase in crypto scams, as digital currencies have gained in popularity over the last year. These scams occur when hackers compromise a social media account and post deceptive content in order to solicit cryptocurrency from the account’s followers. The deceptive content posted by these hackers usually references prominent cryptocurrency exchanges, celebrities, or business leaders in order to exploit the victim’s trust.

Earlier this month, hackers associated with these scams escalated their activity when they compromised two YouTube channels that maintain over eight million subscribers. In this particular case, the hackers modified these channels to impersonate our brand, using the Gemini name and logo. In light of these ongoing events, we want to share how these attacks work, discuss Gemini’s ongoing actions to protect our customers, and provide some tips for YouTube channel owners to better secure their accounts.

What Happened With the Hacked Accounts Impersonating Gemini?

The hacked YouTube accounts involved in this month’s events belonged to popular gamers Natalan and El Fedelobo, both of whom lost access to their YouTube channels. The hackers then used the compromised accounts to impersonate Gemini and perpetuate a cryptocurrency giveaway scam. Thankfully, after numerous reports flagging the videos and channels as scams, YouTube was able to step in and restore channel access to the rightful owners.

How Crypto Giveaway Scams Work

Giveaway scams are the most prevalent type of crypto scam and are typically posted to Facebook, Twitter, Medium, and YouTube.

Most of these scams have similar components:

1. A hacker compromises and/or impersonates a social media account of a prominent public figure or crypto exchange.
2. The account begins soliciting bitcoin or ethereum with a “send one, get two back” scheme. For any unsuspecting victims who send through crypto to the wallets highlighted on the fake accounts, that crypto will be lost forever. To be clear, neither Gemini, nor any reputable cryptocurrency exchange, will ask you to transfer cryptocurrency payments through social media accounts. To deposit cryptocurrency with Gemini, always make sure you receive the wallet address directly from Gemini.com.
3. Scammers often go one step further by incorporating a sense of urgency. This could manifest itself as a “Live Video” on YouTube or a statement noting that only a limited number of coins will be "given" away. The goal here is to encourage victims to act quickly and without scrutiny.

Once a victim sends funds to a "giveaway" address, they are gone forever. Due to the finality of cryptocurrency transactions, there is no way to reverse a transaction unless the recipient decides to return the funds. This makes these types of “giveaway” scams highly effective for malicious actors.

What We’re Doing to Protect Gemini Users

Gemini’s Security Team takes scams seriously and we use custom developed tools and third party services to proactively search the web and social media for scams, including those impersonating our brand. We are constantly analyzing trends in the space, updating our procedures, and building upon our scam detection systems.

Once alerted to a scam, Gemini protects our customers by blocking transactions to bad wallet addresses. Within the past three months alone, Gemini has prevented dozens of transactions destined for scam wallet addresses, saving our customers more than $200k.

How to Protect Yourself From Crypto Scams

The best protection is to educate yourself — anyone seeking to invest in cryptocurrency should be acutely aware of scams impacting the industry. Gemini covered a number of scams affecting the crypto ecosystem in a previous blog post. An easy rule of thumb is that if you don’t recognize a website or social media account, do not interact with it. Gemini will never ask you to send cryptocurrency through social media, and other reputable exchanges shouldn’t do so either.

How to Protect Yourself as a YouTube Channel Owner

The events earlier this month not only affected the targets of the crypto scam, but also the YouTube channel owners. It can be confusing and frustrating to wake up one day to see your channel changed without your permission. If you find yourself in this predicament, follow these steps laid out by Google to recover your account. Additionally, to protect yourself from this ever happening in the first place, it's important to secure your Youtube account. We would like to highlight using security keys for two-step verification as an especially strong defense against account takeovers. In fact, this is what we at Gemini recommend to our customers as well.

Online scams are not new or limited to the cryptocurrency industry. But crypto users must be more aware of scams since all crypto transactions are final, unlike in traditional banking. Gemini’s Security and Fraud teams are continuously enhancing our ability to protect our customers from scams and other threats. If you’re passionate about building security solutions that solve unique challenges, consider applying to one of the many roles we have open on the Security Team at Gemini.

Onward and Upward,

Tory Cullen
Associate Director, Threat Detection & Response