Google ‘asleep at the wheel’ on crypto deepfake scams
A cybersecurity expert called out Google over inadequate preventive measures against crypto-targeted deepfakes involving Bitcoin and figures like Elon Musk.
Recently, scammers leveraged a fabricated video of billionaire and Tesla CEO Elon Musk on YouTube to fleece unsuspecting users of cryptocurrencies, including Bitcoin (BTC).
Bad actors used artificial intelligence and real video clips to create YouTube Live sessions directing crypto users to deposit BTC on multiple websites. The campaign amassed hundreds of thousands of views, and the possible losses are yet unknown.
National Cybersecurity Center (NCC) founder Michael Marcotte, said in a press release sent to crypto.news scammers are initiating a “personal attack on Elon Musk as well as its ability to kneecap consumer confidence in Bitcoin.”
Additionally, hackers used Russian domain name registrars for the crypto depository platforms, promising to double user funds. Per Marcotte, the culprits may have deployed this tactic to misdirect law enforcement. “This unusual attack fingerprint raises serious questions about underlying intent and source”, the expert stated.
Marcotte: Google must do more
As the NCC veteran highlighted, the scammer used an account with nearly one million followers and 250 million views. Marcotte opined that the case calls Google’s policies into question since malicious users assumed legitimacy by mimicking a verified Tesla YouTube account.
“The real indictment was that scammers were able to perpetrate this scam on YouTube for hours over the weekend without it being shut down. It is clear in this particular case that Google’s cybersecurity team was asleep at the wheel,” said Marcotte via email.
The expert said Google’s team deserves the benefit of the doubt but stressed that a breach of this magnitude should have been quickly flagged, and addressed.
You might also like: Crypto users left vulnerable via sham Google Chrome extension
Recurring concerns
Users have complained of attack vectors left unchecked by Google, which have led to crypto losses in the past. Last month, crypto.news reported a fake Aggr Chrome extension used to bypass Binance security. On June 3, multiple reports of $1 million in losses linked to the same extension emerged. In April, scammers employed paid ads on the mammoth search engine to promote a harmful OTC crypto platform.
[𝕏] #Binance accounts may be at risk if users downloaded the KOL-promoted Google plugin Aggr! A Chinese user lost $1 million on May 24, and another user was hacked on March 1. Hackers use hijacked cookies to bypass password/2FA and access accounts pic.twitter.com/e1bIyjhm9B
— BecauseBitcoin.com (@BecauseBitcoin) June 3, 2024
The Alphabet subsidiary has sometimes fought back and sued scammers for masterminding criminal campaigns. However, users and experts alike agree that the company should do more to tackle these incidents.
“It is now starkly obvious that we’re moving into a world where the line between real and fake is increasingly unclear. This weekend’s scam needs to be a radical wake-up call for the rest of the industry.” Marcotte noted.
Read more: Michael Saylor, MicroStrategy to pay $40m in tax evasion settlement
Source