Linus Tech Tips, a popular YouTube channel with 15.3 million subscribers, has been hacked. Instead of tech hardware reviews, the channel was flooded with videos for crypto scams, marking the latest in a series of high-profile YouTube accounts being hacked. Scammers have been gaining access to prominent accounts, renaming them, and live-streaming crypto scam videos.
The main Linus Tech Tips channel was breached early in the morning, with several live videos broadcast before the hacker started making old private videos public. Other Linus Media Group YouTube channels, including Techquickie and TechLinked, have also been breached and given new names focused on Tesla.
It’s unclear how the channels have been breached, but owner Linus Sebastian tweeted that he was aware of the situation. In a statement posted to Floatplane, a streaming service spun out of Linus Media Group, he said that the company is working on it with Google and is hopeful of hardening their security around YouTube accounts and preventing this sort of thing from happening to anyone in the future.
This latest breach is part of a series of hacks designed to promote live streams that push viewers to amateur-looking crypto sites through links or QR codes. The British army’s YouTube channel was hacked last year to promote crypto scams, just months before tens of thousands of “viewers” watched a fake Apple crypto scam on YouTube. Popular Vevo channels on YouTube for artists like Lil Nas X, Drake, Taylor Swift, and more were also affected by a breach last year that saw videos uploaded from an “unauthorized source.”
It is clear that YouTube could do more to prevent the damaging effects of these scams. One YouTuber claims they work through fake sponsors reaching out to creators, convincing them to download a file related to the sponsorship, which is just malware designed to steal cookies, remotely control PCs, and ultimately hijack YouTube accounts.
In light of these recent hacks, it’s clear that YouTube needs to implement tighter security measures. The Verge offered a few solid ideas such as a lockdown mode for high-profile accounts, combined with alerts for when a new location has signed in, which could help channel owners recover their YouTube accounts before any real damage is done. YouTube could also implement a guardian system where second approval from another account is required to rename a channel, delete videos, or even add two-factor prompts for channel actions. With these measures in place, YouTube can hopefully get this under control and put an end to these damaging breaches.