Linus Tech Tips, a tech YouTube channel with 15 million subscribers, was hacked and then used to spread a cryptocurrency scam. It happened around March 23, 2023, and could have produced a large number of victims among the channel's subscribers. YouTube has already dealt with the channel by suspending it.
Who is Linus Tech Tips?
Linus Tech Tips is a YouTube channel that belongs to Linus Sebastian, a 36-year-old Canadian who started the channel back in 2008. Five years later, it grew into Linus Media Group (LMG), which brings together other projects led by Linus, including his other YouTube channel. He also used the company to host conferences and to sell Linus-branded apparel and merchandise. In total, Linus Tech Tips and all other projects hosted under LMG counted over 25 million subscribers, with 15 million of them on the primary YouTube account alone.
As you can see, the YouTube channel is a serious business that Linus has been running for over a decade. People are used to trusting him, and he relies on YouTube as a pillar of his public image. Losing the channel, and especially burning the trust of the audience and advertisers by posting scam ads, is disastrous.
Linus Tech Tips Was Hacked
On March 23, 2023, strange things happened to Linus’ YouTube channel. A series of dubious streams was launched, showing footage of crypto-world stars and other celebrities. The footage centered on Jack Dorsey (ex-Twitter CEO), Elon Musk, Cathie Wood, and a couple of other people who participated in The ₿ World 2021 event. The stream headlines were also unusual, featuring completely irrelevant phrases about GPT-4, OpenAI development and Tesla.
The most notable thing about these streams was a QR code that redirected users to a website branded with a Tesla badge. That page invited users to send their crypto to a certain wallet and receive double the sum back. It also claimed that everything was sponsored by Elon Musk and was being done to boost the popularity of crypto. But as you may already have guessed, it is a scam.
Aside from the streams and crypto scam websites, the channel itself was modified as well. Its regular @LinusTechTips handle was changed to @teslaliveonline1, then to @temporaryhandle and @LinusTechTipsTemp – the latter two probably after the channel was suspended. Moreover, all the videos posted since 2016 were either deleted or switched to private.
The Situation is Under Control
Linus Media Group representatives contacted the audience later the same day. They say that the situation is being resolved and that they are cooperating with the Google support team.
Everything should be locked down and we are getting to the bottom of the attack vector with the (hopeful) goal of hardening their security around YouTube accounts and preventing this sort of thing from happening to anyone in the future.
They have not yet mentioned any timeframes, causes, victims, or guidance for other YouTubers who were struck the same day. ThioJoe, Technique, and TechLinked – other tech tips channels – report being hacked with similar consequences. In total, they add another 5 million potential victims.
How Bad is The Linus Tech Tips Hack?
Cryptocurrency scams fronted by Elon Musk, Cathie Wood and other world-famous personalities are nothing new. They’ve been around for at least 3 years – and possibly even longer, if we count the cases before they settled into their “pattern”. This pattern typically revolves around an offer to send a certain sum of cryptocurrency to a designated wallet. In return, the website promises to send you twice as much as you’ve sent. The multiplier may change from one case to the next, but the overall essence is the same.
The situation around Linus Tech Tips is made worse by the sheer size of the audience. 15 million people were exposed, though certainly not all of them fell victim. Nonetheless, the number of people who could potentially be tricked is enormous. It is most likely comparable to the similar crypto scam page advertisements spread through celebrities’ accounts on Twitter in 2021. And if we add up the audiences of all the channels that were hacked around this date, the picture becomes really troubling.
How Could That Happen?
The most common tricks that target YouTube content creators (and creators on other platforms) are cookie hijacking and fake freeware ads in Google Search. We will leave aside the delivery of spyware or stealers via unlicensed software, as the hacked YouTubers are unlikely to use cracks.
Session hijacking is a trick that aims at grabbing the victim’s session tokens. It is done through a malicious link that generally arrives in an email. The email is disguised as a routine security notice and asks the recipient to follow the link to resolve the issue. The link often looks legitimate, and hovering over it does not reveal any third-party sites. However, clicking it redirects you through a chain of pages, where your session token is hijacked. That token gives the hackers full control over your account. The trick has been around for a long time, but it is used quite rarely, as it requires a number of circumstances to coincide.
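Because a stolen session token is replayed from the attacker's own machine, one server-side check is to flag a session ID that reappears with a different client context. The following is an added example, not part of the original article; the log format, field names and sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample log (hypothetical format): time, session id, client IP,
# GeoIP country code, user agent. IPs are from documentation ranges.
SAMPLE_LOG = '''\
2023-03-23T08:01:10Z sess=a1f3 ip=203.0.113.10 cc=CA ua="Chrome/111 Windows"
2023-03-23T08:15:42Z sess=a1f3 ip=203.0.113.54 cc=CA ua="Chrome/111 Windows"
2023-03-23T08:16:05Z sess=b7c2 ip=192.0.2.8 cc=US ua="Firefox/111 macOS"
2023-03-23T08:20:31Z sess=a1f3 ip=198.51.100.77 cc=NL ua="Chrome/110 Linux"
2023-03-23T08:21:02Z sess=a1f3 ip=203.0.113.54 cc=CA ua="Chrome/111 Windows"
2023-03-23T08:30:00Z sess=b7c2 ip=192.0.2.8 cc=US ua="Firefox/111 macOS"
'''

LINE_RE = re.compile(
    r'(?P<ts>\S+) sess=(?P<sess>\S+) ip=(?P<ip>\S+) '
    r'cc=(?P<cc>[A-Z]{2}) ua="(?P<ua>[^"]*)"'
)

def parse(log):
    """Return events as dicts, sorted by time; unparseable lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(event)
    return sorted(events, key=lambda e: e["ts"])

def find_token_reuse(events):
    """Flag events whose country or user agent differs from the context in
    which the session was first seen. IP changes alone are ignored, since
    legitimate clients roam between networks."""
    first_seen, alerts = {}, []
    for e in events:
        base = first_seen.setdefault(e["sess"], e)
        changed = tuple(k for k in ("cc", "ua") if e[k] != base[k])
        if changed:
            alerts.append((e["sess"], e["ip"], changed))
    return alerts

if __name__ == "__main__":
    for sess, ip, changed in find_token_reuse(parse(SAMPLE_LOG)):
        print(f"session {sess} reused from {ip}: changed {', '.join(changed)}")
```

A service acting on such an alert would typically revoke the session and require the user to sign in again.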
Malicious links in Google Search results for free software are, on the other hand, a rather new topic. Not so long ago, a wave of malicious sites started to pop up as soon as you googled LibreOffice, Python, Blender, or similar programs. Following such a link shows you a page that roughly resembles the genuine download page of these programs. The rough resemblance, however, is not a problem for users who have never dealt with the original page. Moreover, people are used to trusting Google Ads wherever they see them, and so will probably click without any hesitation. The file downloaded from such a source generally contains the Vidar or RedLine stealer.