Coin Bureau Youtube channel hacked despite 2FA protection
Coin Bureau, a popular information portal for cryptocurrency developments with over 600,000 followers on Twitter, experienced a security breach on its Youtube channel on Monday. Hackers allegedly uploaded a video with links to scam fiat/cryptocurrency addresses soliciting a token sale before being taken down by Youtube. According to Coin Bureau staff, they were baffled by the incident as its accounts were "secured with ultra-strong passwords and Google security keys."
So our YouTube channel was just hacked. Have absolutely no idea how this happened. All accounts are secured with ultra strong passwords and Google security keys. @YouTubeCreators this is a serious problem which other creators are also experiencing. Please fix
— Coin Bureau (guy.eth) (@coinbureau) January 24, 2022This was by no means an isolated incident. Prominent crypto Youtubers such as Ivan on Tech and Real Vision Finance have had their accounts compromised within the past few days. It appears to have been a coordinated effort as hackers uploaded a video titled "One World Cryptocurrency," that solicited the same type of token sales across all breached accounts. In addition, the accounts were all logged in from an IP address in the Philippines, although the VPNs were widespread, which makes it difficult to track exact login locations.
Seems like it's happening to other YouTubers at the same time. @Altcoinbuzzio @FloydMayweather Also possibly @IvanOnTech @aantonop (seen by my telegram members). pic.twitter.com/WvknuyL3Px
— Boxmining (@boxmining) January 23, 2022It's unclear how much the hackers took in as both creators and Youtube quickly took down the scam videos. However, there have been unconfirmed reports from Twitter users claiming losses. One user, @James86965119, allegedly transferred $1,000 worth of digital currencies to the fake addresses posted by the hacker. In addition, if the allegations from the Youtubers are proven, then it would raise questions regarding the effectiveness of Google's two-factor authentication service. Theoretically, hackers would not be able to access one's Youtube account unless they had both the password and security key.