Wanna See a YouTube Crypto Scam?
Using YouTube Live, scammers have tricked plenty of people, with up to 2.5 BTC already lost.
TL;DR: Clever scams.
Hello Professionally Curious One!
Today’s piece is inspired by content that was shared in a Slack channel for crypto learners and fans: specifically, crypto scams and how they can look. The biggest risk in any technology and security system is human behavior.
If you can trick the human, you can trick the system. Simple as that. Today we’ll look at how a group of scammers are continuously running an online scam by taking over old YouTube accounts and placing content that gets recommended by YouTube.
As always, you can find TL;DRs and graphics shortcuts explaining the concepts.
Sections You Can Skim To:
What’s the Scam?
How does the Scam work?
What can I do?
What’s the Scam?
TL;DR: Scammers get you to send crypto by borrowing the fame of business leaders and top companies - all irreversible.
It’s quite easy to get scammed, and that’s not unique to the crypto world. There have been online scams since the internet was created. One of the first internet-based scams happened in the 1990s using AOL. Fun fact, AOL still exists today. Saved you a click.
Last week, a major crypto conference was going on in Florida.
Conveniently enough, several “Official” looking channels, complete with logo and color scheme, have appeared on YouTube, with their own websites.
They look like this.
These scams are consistently getting run across many platforms, and they are predatory in nature, designed to make it look like there’s “free money” out there.
If you get scammed, there’s nothing you can do except claim a loss.
How does the Scam Work?
TL;DR: Scams are extremely compelling and prey on your failure to validate them.
The scams I am showing you are from May 17, with the first ones appearing sometime around 10 am PST, at least on my feed. Source: I run YouTube video essay channels in the background all day, and because YouTube’s algorithm prioritizes SEO-hijacked items, odd videos will appear.
These scams all use some combination of YouTube Live and a website to completely trick you. And it’s not just one account. It’s actually several dozen accounts all broadcasting consistently throughout today.
Here’s a play by play on what they look like, and what’s compelling:
This one is pretty good.
It has the stylized Tesla colors
The channel name is innocuous.
It’s supported by YouTube’s recommended playlist, all pointing to “legit looking” streams
The account (not pictured) is from 2009.
If you click the channel name, you’ll be greeted with…
LOL.
This next one is suspicious:
It uses Elon Musk talking at a Tesla factory, with a simple call to action on the right side. A stylized banner is placed around it making it look “somewhat legit”, and it comes from an account that says “Tesla NEWS”.
It is reinforced by a recommended YouTube video with 8k watches around the same topic, lending some level of false credibility to this scheme.
This next one is incredibly compelling because it has its own videos, juxtaposed with actual legitimate content from Tesla.
The untrained eye, unfamiliar with crypto and Tesla, would believe this to be credible enough.
It’s not. But it’s compelling.
To reduce the cookie tracking factor, I used incognito mode with a deleted search history and cache.
Here’s what I get recommended by YouTube.
Certain keywords will bring up more of the same video (which is a red flag in itself).
This next one isn’t as compelling, but it was the most fun to look at.
Heavy usage of Tesla colors, with 4 speakers, and other recommended videos to complement it.
And if you are wondering what content they use for this, it’s from May 2021 when Elon was dumping BTC.
Here’s what this URL “2XETHEREUM” looks like - before it got taken down.
It borrows clean design and uses Elon Musk as a way to establish credibility.
It defaults to a clean address, and even gives you a wallet address to transmit it to, making it “so easy to get money”.
It even has a “history of recent transactions” to make it look like it’s legit and that you could be next.
But you see, this is Web3.
In Web3, everything is and should be transparent.
I don’t have to take a company or website belonging to that company’s word for it. And I shouldn’t.
I can verify this kind of “proof” myself. I can go and literally look up their wallet address to see what is happening.
So I did.
Below is a screenshot from a blockchain explorer, an independent service that monitors blockchain activity. It runs on the principle that the blockchains in question are transparent, that their transactional activity is public, and that it can be looked at in real time.
As it would turn out, a lookup of the wallet shows…
Looking at the top, right under the word “Address”, you can see a summary statement from the service that basically says that this wallet has sent 0.00000 BTC in its lifetime. But unfortunately, it received 2.5 BTC. Seriously.
I checked back a few days, and the 9 accounts I was monitoring were banned; there are dozens more that have appeared.
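The wallet lookup described above can be written as a check, shown here as an added example that is not part of the original post: it totals what an address received and sent, then compares the site's "recent transactions" list against on-chain payouts. The addresses, transactions and claimed payouts are constructed sample data, and the function names are illustrative.

```python
SATS_PER_BTC = 100_000_000
SCAM_ADDR = "addr-giveaway-EXAMPLE"  # placeholder, not a real address

# Constructed explorer data: every tx touching SCAM_ADDR, values in satoshis.
TXS = [
    {"txid": "t1", "inputs": [("addr-victim-1", 100_010_000)],
     "outputs": [(SCAM_ADDR, 100_000_000)]},
    {"txid": "t2", "inputs": [("addr-victim-2", 100_010_000)],
     "outputs": [(SCAM_ADDR, 100_000_000)]},
    {"txid": "t3", "inputs": [("addr-victim-3", 60_000_000)],
     "outputs": [(SCAM_ADDR, 50_000_000), ("addr-victim-3", 9_990_000)]},
]

# Constructed "recent transactions" widget from the site: (recipient, sats).
SITE_CLAIMS = [("addr-lucky-1", 200_000_000), ("addr-lucky-2", 100_000_000)]

def address_summary(addr, txs):
    """Total received and sent for addr, netting change inside each tx."""
    received = sent = 0
    for tx in txs:
        spent = sum(v for a, v in tx["inputs"] if a == addr)
        got = sum(v for a, v in tx["outputs"] if a == addr)
        net = got - spent
        received += max(net, 0)
        sent += max(-net, 0)
    return {"received": received, "sent": sent}

def unverified_claims(addr, claims, txs):
    """Claimed payouts with no tx that spends from addr to the recipient."""
    missing = []
    for recipient, amount in claims:
        paid = any(
            any(a == addr for a, _ in tx["inputs"])
            and any(a == recipient and v >= amount for a, v in tx["outputs"])
            for tx in txs
        )
        if not paid:
            missing.append((recipient, amount))
    return missing

def red_flags(addr, claims, txs):
    """Human-readable warnings for a 'giveaway' address."""
    summary = address_summary(addr, txs)
    flags = []
    if summary["received"] > 0 and summary["sent"] == 0:
        flags.append("receives funds but has never sent any")
    if unverified_claims(addr, claims, txs):
        flags.append("site lists payouts that are not on-chain")
    return flags
```

With the sample data, the address shows 2.5 BTC received, nothing sent, and none of the site's listed payouts exist on-chain.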
What can I do?
TL;DR: Always verify and corroborate. If it’s too good to be true, then don’t participate.
Years of working with information security have made me both a digital native and an occasional digital guardian.
Here are my 3 takeaways to protect yourself:
Trust but always verify using independent services or people. Blockchain/wallet analyzers or reputable watchdog-like content creators are the go to.
Too Good to Be True: if it’s too good to be true, it’s too good to be true.
Donator Beware: Don’t you ever donate to a “non-profit looking” fund that supports a cause you identify with until you vet the living shit out of it including Tax ID, Third Party Verification, and Impact Analysis.
Stay safe.
p.s. If you’re familiar with double checking your bank routing and account numbers for online transactions, well, crypto wallet transactions are a whole new level of OCD.