Hackers Hijack Indian Crypto Exchanges and Influencers’ YouTube Channels

As the crypto industry continues to grow around the world, hackers are also stepping up their efforts to scam and steal digital currencies. On Monday, January 24, the Youtube accounts of some of India’s top crypto exchanges and influencers were compromised.

The hack was identified when hackers uploaded videos to the Youtube channel promoting a fake coin named “One World Cryptocurrency”. The hacker also added a wallet address in the description so viewers can send cryptocurrency as shown in the uploaded videos.

Victim crypto companies include WazirX, CoinSwitch Kuber, CoinDCX, and Binance-owned Unocoin.

A few of the affected exchanges conducted investigations and found that the hackers did not perform any suspicious activity on the accounts, such as “password reset”, after gaining access to the accounts. While WaxirX says they have contacted YouTube and are awaiting their response.

The total crypto market capitalization is 0.71% lower than yesterday. Source: commercial view

Vice President of Marketing at WazirX, Rajagopal Menon, asserted,

“There has been a systematic hack on several YouTube crypto accounts around the world. Fortunately, our team captured the fraudulent video within seven minutes of it being uploaded to our channel and removed it. By performing a diagnostic, we did not find any security flaws on the WazirX side that could have allowed hackers to access our channel.

A CoinDCX representative also tweeted on Monday and noted:

“Our security team quickly identified and removed the fraudulent video posted on CoinDCX’s channel, limiting the scope of the video. For the few of our followers who saw the video before it was removed, please disregard all of its content.

The Reason for the Recent Crypto YouTube Account Hijacking in India

We have reached out to leading cybersecurity and privacy industry investigator, PrivacySavvy, to comment on the incident.

According to the statement by PrivacySavvy founder and cybersecurity expert Ali Qamar, the compromised integration of Youtube channels with third-party APIs (application programming interfaces) to enable live streaming was the cause of the incident. An API is a type of software application that allows multiple software to communicate and collaborate.

Social account hacking is not new in India. Even Indian Prime Minister Narendra Modi’s Twitter account was hacked last December.

Related Reading | YouTube Crypto Scams Rise as Victims Lose Millions

After Modi’s Twitter account was hacked, the hacker tweeted that India had “officially adopted bitcoin as legal tender” and also “the government has officially purchased 500 BTC and is distributing them to all residents of the country.”

Also, in September 2020, an unknown group hacked into Modi’s Twitter account linked to his personal app and website.

According to the Chainalysis report, published in December 2021, crypto scammers managed to steal nearly $14 billion last year. Ultimately, users are responsible for implementing best practices to protect their coins. The easiest way to avoid being scammed is to pay attention to the red flags that often resemble classic credit card fraud and money transfer scams.

                Featured image from Unsplash, chart from TradingView.com

Raymond T. Helms