Linus Tech Tips YouTube Channel Hacked to Promote Crypto Scams

LTT YouTube hacked
(Image credit: YouTube)

Major PC tech YouTube channel Linus Tech Tips has been hacked and is unavailable at the time of publishing. From the events that have unfolded, it looks like hackers gained access to the YouTube creator dashboard for various LTT channels. After publishing some scam videos and streams, control of the account was regained by the rightful owners, only to fall again to the hackers. Now the channels are all throwing up 404 pages.

Hackers who took over the LTT main channel, as well as associated channels such as Tech Quickie, Tech Linked and perhaps others, were obviously motivated by the opportunity to milk cash from over 15 million subscribers.

(Image credit: YouTube)

Among the spammy videos the hackers quickly started to stream, were promotions for Bitcoin giveaways seemingly backed by the likes of Elon Musk and Tesla. The Bitcoin giveaway scam appeared to be phishing for people to reveal their crypto wallet details, reassured by a big brand like LTT and Tesla. You can see in the images that the channel names and logos were also edited by hackers, changing channels to ‘Tesla’ or ‘LinusTechTipsTemp’.

(Image credit: YouTube)

This story is still developing, and while this is unfortunate for LTT, the fact that the channels are locked down suggests normal service will be resumed in due course. We have heard complaints about YouTube security over recent weeks, with at least one well-known tech channel complaining about potential exploits in the comments section. Even more seriously, the eTeknix channel was hacked a few weeks ago, but has now been fully restored.

Surely some people are very busy in the background at both LTT and YouTube, with channel owner Linus Sebastian tweeting a slightly exasperated statement “Yes I know -_-”.

More revealing information was released to the LTT Floatplane channel (pay wall), with Sebastian stating that everything is now “locked down,” and that LTT is working with Google’s team to help ensure this kind of hack isn’t going to become more common.

Mark Tyson
News Editor

Mark Tyson is a news editor at Tom's Hardware. He enjoys covering the full breadth of PC tech; from business and semiconductor design to products approaching the edge of reason.

  • RichardtST
    And it's only going to get worse, even as more and more people slowly realize what a complete farce computer security is. When the solution is always "Add more hardware. Add more software. Add more complexity", the result is always the same. The KISS PRINCIPLE has long been abandoned.
    Reply
  • gfg
    There are already many important channels and with several million subscribers who suffer the same robbery and by the same subjects, with the same Tesla farce.
    This has been going on for several months and Google hasn't fixed anything.
    Reply
  • Giroro
    Is today the ideal day to finally get back on YouTube?

    Prompt: Generate a highly overphotoshopped and misleading technicolor picture with an ugly face, giving an expression that makes an overly positive ad for a forgettable mouse appear to be about the worst disaster in human history
    Reply
  • Sleepy_Hollowed
    They could just ban crypto from YouTube and that would solve this problem while they work on security.

    But they would never.
    Reply
  • heynow
    At this point, if people have anything to do with crypto, I have zero sympathy for them. Fools always have money and they continually get parted from it.
    Reply
  • hotaru251
    tbh YT (Google) is issue here.

    no plan for them have options to require authentication if new ip address is used.

    they should require 1-2 forms of it if new ip is logged in before able to publish/change anything.

    its basic security 101. you never let a dif ip not need authenticating. (even some games require this and lock down selling/deleteing items/characters.)
    Reply
  • Giroro
    hotaru251 said:
    tbh YT (Google) is issue here.

    no plan for them have options to require authentication if new ip address is used.

    they should require 1-2 forms of it if new ip is logged in before able to publish/change anything.

    its basic security 101. you never let a dif ip not need authenticating. (even some games require this and lock down selling/deleteing items/characters.)
    Not sure how 2FA is supposed to solve any of Google's problems. You log into YouTube using Gmail. You think somebody who can get a password to a Google account can't also get a password to that same Google account?

    It seems like a major annoyance to the user with no actual security benefit.
    Reply
  • atomicWAR
    RichardtST said:
    The KISS PRINCIPLE has long been abandoned.

    Not exactly...It's just KISSS now 'Keeping Information Stolen Sales Strong"
    Reply
  • tekwiz
    Giroro said:
    Not sure how 2FA is supposed to solve any of Google's problems. You log into YouTube using Gmail. You think somebody who can get a password to a Google account can't also get a password to that same Google account?

    It seems like a major annoyance to the user with no actual security benefit.

    Well usually the Gmail account password is the same as to the Google account isn't it? But yeah, by default, Google doesn't ask for anything more than the password and it alerts the user there has been a login from a new device, I guess it's up to the user to decide if they want some kind of 2FA...
    Reply
  • Nis Hollow Enterprises
    I was wondering what the heck happened and then I came here to look something up and now I know. You would think they had 2FA enabled on the accounts. Mind-blowing stuff.
    Reply