The Bitcoin scam that hackers deployed while breaking into the Twitter Inc. accounts of political leaders and business titans last week closely resembles similar schemes used previously on YouTube.
In the July 15 Twitter attack, hackers hijacked accounts belonging to Barack Obama, Elon Musk, Joe Biden and Jeff Bezos and asked their followers to send Bitcoins to their crypto wallet with a promise to double the amount. In a matter of hours, the hackers had accrued more than $100,000.
But before compromising those accounts, the hackers targeted the Twitter accounts of popular cryptocurrency exchanges, such as Coinbase Inc., Gemini Trust Company LLC and Binance Holdings Ltd. In this case, the attackers tweeted a link to a website dubbed “CryptoForHealth,” which also promised to double donations made to a crypto wallet.
The move caught the attention of computer security researchers, who say similar scams were perpetrated in recent months on Google’s YouTube. One of the researchers, who like his colleagues requested anonymity because he isn’t authorized to speak publicly, said it isn’t yet clear who was behind the Twitter hack but said that the YouTube scams appeared coordinated.
The earlier attacks make clear that stealing user accounts to perpetrate cryptocurrency scams isn’t a problem unique to Twitter. The possibility that the incidents are connected may give investigators additional ways to identify the perpetrators, people familiar with the scams say. In online forums, several people have claimed to know the identity of the person behind the CryptoForHealth websites.
One website used as part of the apparent YouTube scams, “btc-gemini.info,” looks almost identical to the “CryptoForHealth” site. Beyond the visual similarities, the sites share technical details, such as IP addresses and website code, according to a Bloomberg review of the data.
The links between the schemes on Twitter and YouTube aren’t definitive, according to the researchers and Bloomberg’s analysis. But at the very least, it shows how easily they can be duplicated, they said.
Alex Joseph, a YouTube spokesman, said the company takes account security seriously by automatically protecting users and notifying them when suspicious activity is detected. “If a user has reason to believe their account was compromised,” he said, “they can notify us to secure the account and regain control.”
YouTube declined to address whether the alleged crypto scams on its site were related to the Twitter hack. On Tuesday, Apple Inc. co-founder Steve Wozniak filed a lawsuit in state court in California alleging that YouTube has for months allowed scammers to use his name and likeness as part of a phony Bitcoin giveaway.
In the alleged YouTube scams, a hacker typically gained control of an account and made it look like an official page of a cryptocurrency exchange or celebrity. Taking over a YouTube account with an already established following lets the hackers reach a wide audience. That was the same goal with last week’s Twitter hack, which hijacked accounts with tens of millions of followers.