Google ‘asleep at the wheel’ on crypto deepfake scams

A cybersecurity expert has called out Google for insufficient preventive measures against crypto-targeted deepfakes featuring names like Bitcoin and Elon Musk.

Recently, scammers used a fabricated YouTube video of billionaire and Tesla CEO Elon Musk to trick unsuspecting users of cryptocurrencies, including Bitcoin (BTC).

Bad actors used artificial intelligence and real video clips to create YouTube Live sessions that directed crypto users to deposit BTC across multiple websites. The campaign has garnered hundreds of thousands of views and potential losses are not yet known.

National Cyber ​​Security Center (NCC) founder Michael Marcotte said in a press release sent to crypto.news that scammers launched “a personal attack on Elon Musk as well as his ability to bring consumer confidence in Bitcoin to its knees.”

Additionally, hackers promised to double user funds by using Russian domain registrars for cryptocurrency deposit platforms. According to Marcotte, criminals may have used this tactic to mislead law enforcement. “This unusual attack fingerprint raises serious questions about the underlying purpose and source,” the expert said.

Marcotte: Google must do more

As the NCC veteran highlighted, the scammer used an account with nearly one million followers and 250 million views. Marcotte noted that this case calls Google’s policies into question, as malicious users assumed legitimacy by impersonating a verified Tesla YouTube account.

“The real indictment was that the scammers were able to carry out this scam on YouTube for hours over the weekend before YouTube was shut down. In this particular case, it is clear that Google’s cybersecurity team was asleep at the wheel,” Marcotte said via email.

The expert said the Google team deserved the benefit of the doubt, but emphasized that a breach of this magnitude should be flagged and addressed quickly.

recurring concerns

Users have complained about attack vectors not controlled by Google that have led to crypto losses in the past. Last month, crypto.news reported on a fake Aggr Chrome extension used to bypass Binance security. On June 3, multiple reports of $1 million in losses in connection with the same extension emerged. In April, scammers used paid ads on the massive search engine to promote a malicious OTC crypto platform.

[𝕏] #Binance Accounts may be at risk if users download Aggr, the Google plugin powered by KOL! A Chinese user lost $1 million on May 24, and another user was hacked on March 1. Hackers use hijacked cookies to bypass password/2FA and access accounts pic.twitter.com/e1bIyjhm9B

— BecauseBitcoin.com (@BecauseBitcoin) June 3, 2024

The Alphabet subsidiary has sometimes stood up and sued scammers for planning their criminal campaigns. But both users and experts agree that the company needs to do more to combat these incidents.

“It is now clear that we are moving towards a world where the line between real and fake is increasingly blurred. “This weekend’s scam needs to be a radical wake-up call for the rest of the industry.” Marcotte noticed this.