News
Google ‘asleep at the wheel’ on crypto deepfake scams
A cybersecurity expert has called out Google for inadequate preventative measures against deepfakes targeting cryptocurrencies involving Bitcoin and figures like Elon Musk.
Recently, scammers exploited a fabricated video of billionaire and Tesla CEO Elon Musk on YouTube to scam unsuspecting users of cryptocurrencies, including Bitcoin (Bitcoin).
The attackers used artificial intelligence and real video clips to create YouTube Live sessions that directed cryptocurrency users to deposit BTC on multiple websites. The campaign garnered hundreds of thousands of views, and possible losses are not yet known.
National Cybersecurity Center (NCC) founder Michael Marcotte said in a press release sent to crypto.news that scammers are launching a “personal attack on Elon Musk and his ability to bring consumer confidence in Bitcoin to its knees “.
Additionally, hackers used Russian domain name registrars for cryptocurrency deposit platforms, promising to double users’ funds. According to Marcotte, the perpetrators may have used this tactic to misdirect law enforcement. “This unusual attack fingerprint raises serious questions about the underlying intent and source,” the expert said.
Marcotte: Google needs to do more
As the NCC veteran pointed out, the scammer was using an account with nearly one million followers and 250 million views. Marcotte said the case calls into question Google’s policies as attackers assumed legitimacy by imitating a verified Tesla YouTube account.
“The real allegation was that the scammers had managed to perpetrate this scam on YouTube for hours over the weekend without the system being disrupted. It is clear in this particular case that Google’s cybersecurity team was asleep at the wheel,” he said. Marcotte stated via email.
The expert said GoogleThe team deserves the benefit of the doubt, but stressed that a breach of this magnitude should have been quickly reported and addressed.
Recurring concerns
Users have complained about attack vectors left unchecked by Google, which have led to cryptocurrency losses in the past. Last month, crypto.news reported a fake Aggr Chrome extension used to bypass Binance security. On June 3, multiple losses of $1 million related to the same extension were reported emerged. In April, scammers used paid ads on the giant search engine to promote a malicious OTC crypto platform.
[𝕏] #Binance accounts could be at risk if users downloaded the Google Aggr plugin! promoted by KOL. A Chinese user lost $1 million on May 24, and another user was hacked on March 1. Hackers use hijacked cookies to bypass passwords/2FA and access accounts pic.twitter.com/e1bIyjhm9B
— WhyBitcoin.com (@BecauseBitcoin) June 3, 2024
Alphabet subsidiary sometimes reacted and sued scammers for creating criminal campaigns. However, both users and experts agree that the company should do more to address these incidents.
“It is now abundantly clear that we are moving towards a world where the line between real and fake is increasingly blurred. This weekend’s scam must be a radical wake-up call to the rest of the industry.” – Marcotte observed.