Deepfaking celebrities such as Vitalik Buterin and the President of Salvador pays really well for scammers but not for their victims

Have you ever been directed by some dubious online ads or URLs to one or more videos on YouTube, Twitch and crypto streaming platforms featuring celebrities like Elon Musk or Vitalik Buterin touting high-return crypto schemes?

Viewers of the deepfaked YouTube clips may end up being convinced to visit a promotional website to “double their crypto investment” — by transferring their crypto funds to a specified address or disclosing the seed phrase of their crypto wallet to “receive even better terms”.

Group-IB researchers have noted that the scams have been scaled up significantly. In the first six months of 2022, more than 2,000 domains have been registered explicitly to be used as fake promotion websites. This figure is a five-fold increase compared to the registrations in H2 last year.

Over 60% of the scam domains involved were registered via Russian domain name registrars. However, such resources usually use generic top-level domains because they are designed to steal cryptocurrency from English-speaking users. All content on fake websites is in English and sometimes in Spanish.

Fake ads using real photos of celebrities and sensational headlines grab the attention of potential victims online.

To set up a fake stream, threat actors either highjack YouTube accounts themselves using dedicated stealer tools, or buy/rent accounts on underground forums for a percentage of the stolen funds, which in most cases is between 10% and 50% of the streamer’s earnings. After gaining access to a legitimate account, a fake crypto streamer renames the channel, deletes all the previously uploaded videos from the playlist, changes the user pic, adds new design features, and uploads relevant crypto-related content.

Readers are advised to be vigilant about free giveaways and not to share confidential data on rogue websites. Double-check the legitimacy of the streams and the websites diligently. Seed phrases must be kept secret and stored securely. To minimize the risk of leakage, prioritize desktop solutions over cloud-based ones. You risk being deceived twice if you have already transferred your crypto to fraudsters and want your money back.  People who message victims on forums offering help often turn out to be scammers themselves!