Cybercriminals are targeting the Counter-Strike 2 (CS2) community with streamjacking scams. According to Bitdefender Labs researcher Ionuț Băltăriu, these targeted attacks, using hijacked and faked eSports streamer accounts as trusted vectors, have been behind a spate of "stolen Steam accounts, cryptocurrency theft, and the loss of valuable in-game items."
Streamjacking attacks that can scam crypto from innocent gamers may sound rather futuristic. Still, the concept behind the con is pretty old – impersonating a trustworthy entity to get a victim to part with their valuables. In this case, the pattern behind the con trick was broken down step by step by Bitdefender, as follows:
- Scammers find legitimate YouTube accounts with existing subscriber bases that they can compromise and take over.
- After gaining account control they can rebrand a channel to impersonate well-known eSports streaming pros like "Oleksandr 's1mple' Kostyljev, Nikola 'NiKo' Kovač, or 'donk'," reports Bitdefender. The rebranding includes populating the channel with various old and looped streams.
- Once set up, the scammer then begins malicious live streams, looping old gameplay of the impersonated streaming pro.
- Scammers invite viewers to participate in live streaming events which include fake CS2 skin and cryptocurrency giveaways, observed Bitdefender. Specially tailored QR codes or fraudulent links are shared.
- Now for the payoff – victims are asked to log in with their Steam account for their free loot, or send crypto so it will be 'doubled'.
Anyone who gets reeled in past the Steam login or crypto-doubling scam stage will get ripped off. Their Steam accounts will be open to looting of valuable skins and items. Their crypto, which they hoped to be doubled, will never be returned.
Bitdefender says that the CS2 community has been the most prominent target of these scammers - but it is a massively popular competitive game with 26 million registered players (January 2025). It also notes that the popularity of prestigious recent eSports events like IEM Katowice 2025 and PGL Cluj-Napoca 2025 was exploited by the digital thieves. For example, fake live streams were themed or timed to coincide with these events, backed up with fake community posts and controlled comments.
The Bitdefender blog rather helpfully shares some advice to help gamers stay safe from potential digital deceivers. It is often good to be reminded of what may seem obvious telltale signs of skulduggery, so be super skeptical of: too-good-to-be-true offers, suspicious links and QR codes, or unfamiliar streaming channels. Folk should also set up Steam Guard and MFA, says the cyber security company. Last but not least, Bitdefender also recommends its Scamio (Discord) and Link Checker tools – which it says would flag the above attempts at grabbing your digital goods as "likely a scam."
