
Crypto Scammers Game YouTube for Amplification While Keeping Under Radar, Researchers Find

Feb 28, 2023

By Joe Fay

Not even a pyramid scheme – they just convince people to give away their money.

A network of crypto scammers has been able to game YouTube’s algorithms to publicize and amplify fraudulent investment apps without triggering the video platform’s safety team, researchers at WithSecure have said.

The network used YouTube to post and boost videos encouraging victims to take part in fraudulent USDT (Tether) cryptocurrency investment schemes. Users were promised lucrative returns when they moved cryptocurrency from their wallets into wallets associated with the “apps” highlighted in the videos. 

WithSecure Intelligence Researcher Andy Patel tracked over 700 URLs hosting the suspect apps, although thousands more could be implicated. Patel said his analysis during the latter half of 2022 suggested a network of 30 members was using hundreds of YouTube channels and automation to instigate “inauthentic engagement” with thousands of videos touting the fraudulent apps.

The videos themselves were low quality and not particularly sophisticated, invariably following the same script. Some of the apps featured trivial tasks and simplistic games, which could earn participants more rewards. 

The videos would demonstrate how “investors” could withdraw their money at any time. By extracting wallet addresses from the YouTube videos, Patel was able to map out a potential network of “seeding” accounts, app wallets, victims, and receiving addresses. Patel’s analysis showed that no currency was ever moved back to the “investors’” wallets. 

“It’s not even a pyramid scheme,” said Patel. “Literally they just convince people to give away money. And that’s it. Simple.” 

Patel used the YouTube API to pull down data on the network, before subjecting it to data analysis techniques, including constructing node-edge graphs highlighting interactions within the dataset. He did the same for the crypto wallet addresses featured in the videos to track interactions between potential “victim wallets” and potential “app wallets”.
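The wallet-graph step described above can be sketched as follows. This is an added example, not WithSecure's code or data: the wallet names and amounts are constructed, and the rule that a depositor receiving funds back is a possible seeding account is an assumed heuristic for illustration.

```python
from collections import defaultdict

# Constructed sample data; wallet names are placeholders, not real addresses.
APP_WALLETS = {"app_A", "app_B"}  # assumed input: addresses extracted from videos
TRANSFERS = [                     # (sender, receiver, amount in USDT)
    ("seed_1", "app_A", 50.0),
    ("victim_1", "app_A", 120.0),
    ("victim_2", "app_A", 80.0),
    ("victim_2", "app_B", 40.0),
    ("victim_3", "app_B", 300.0),
    ("app_A", "recv_1", 250.0),
    ("app_B", "recv_1", 340.0),
    ("recv_1", "seed_1", 60.0),
]

def build_graph(transfers):
    """Directed weighted graph: edges[sender][receiver] = total amount sent."""
    edges = defaultdict(lambda: defaultdict(float))
    for sender, receiver, amount in transfers:
        edges[sender][receiver] += amount
    return edges

def classify(transfers, app_wallets):
    edges = build_graph(transfers)
    # Depositors: any non-app address that sent funds into an app wallet.
    depositors = {s for s in edges if s not in app_wallets
                  and any(r in app_wallets for r in edges[s])}
    # Receiving addresses: where app wallets forward funds, excluding depositors.
    receiving = {r for a in app_wallets for r in edges.get(a, {})
                 if r not in app_wallets and r not in depositors}
    report = {}
    for d in depositors:
        deposited = sum(v for r, v in edges[d].items() if r in app_wallets)
        # Anything flowing back from the scam side (app or receiving wallets).
        returned = sum(edges[s].get(d, 0.0) for s in app_wallets | receiving if s in edges)
        # Assumed heuristic: a depositor that gets money back is more likely an
        # operator-controlled seeding account than a victim; flag it for review.
        role = "possible_seed" if returned > 0 else "potential_victim"
        report[d] = {"deposited": deposited, "returned": returned, "role": role}
    return receiving, report

def victim_losses(report):
    return sum(r["deposited"] for r in report.values() if r["role"] == "potential_victim")

if __name__ == "__main__":
    receiving, report = classify(TRANSFERS, APP_WALLETS)
    print(receiving, report, victim_losses(report))
```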

Over the period analyzed, the network was able to generate around $100,000 in revenue from 900 victims. However, Patel said, the scammers were opportunistic and were clearly hoping to snag “investors” willing to transfer larger amounts. As the reach of the network increases, so does the likelihood of finding such investors.

Patel’s research could only analyze a limited number of accounts and may have missed a large number of additional wallets. 

WithSecure’s report detailing the research said that given the number of channels involved, the amount and frequency of content posted, and the length of time they had been operating, “It is highly surprising that they weren’t already spotted and taken down.”  

It added, “It would be nice to know that YouTube’s administrators take inauthentic amplification seriously and are devising more generic methods to detect and counter such activity in the future… The fact that YouTube verified accounts have participated in the advertising of these scams is worrying.”

WithSecure noted that according to the U.S. Federal Trade Commission (FTC), nearly half of the 46,000 people who reported falling prey to crypto scams had initially been hooked via a social media platform.

We contacted Google for comment but have not had a reply at the time of publication.