The YouTube channel of ITN Sri Lanka, which has over 2 million subscribers, has been hacked in what appears to be another crypto scam-related cyberattack. It’s unclear how the channel was hijacked, and the entire page hosted a livestream crypto scam for over a day. Fortunately, ITN has since recovered the channel, with ITN Sri Lanka chairman Sudarshana Gunawardana issuing a statement confirming the recovery. Earlier, in response to a tweet, the chairman stated that the company was in touch with YouTube Creator Support and was in the process of recovering the account.
High-profile YouTube channels have routinely been hijacked for crypto scams in recent years, with victims ranging from gaming content creators like MarcoStyle to, most recently, Linus Tech Tips. Malicious actors would exploit a security vulnerability, remove or hide all of the channel’s legitimate videos, change the channel name, and replace the content with a deepfake crypto live stream. Typically, part of the idea is to lure unsuspecting victims by linking the stream directly to a malicious website that operates the crypto scam. Bitdefender’s Stream-Jacking 2.0 report claims that these crypto scams have raked in as much as $600,000 in stolen funds so far.
Sri Lankan social media accounts aren’t immune to these attacks either. Back in 2021, Derana’s YouTube channel was hacked in a similar cyberattack. The channel, which had over 3 million subscribers at the time, was taken over through an exploit of the company’s remote access software that allowed the attackers to obtain login details without triggering its Two-Factor Authentication (2FA). Barely a month later, Maharaja Network’s Sirasa, Voice Teen, and TV1 channels were also briefly breached. Incidentally, the operators were able to restore the channels overnight on both occasions.
Interestingly, it’s not just Sri Lankan TV channel operators that fall victim to crypto scam attacks. In 2022, the official Twitter accounts of Seylan Bank, Sri Lankan Airlines, and Sampath Bank were all hijacked by crypto scammers on three separate occasions.
In any case, it remains to be seen how exactly the attackers gained access to ITN’s 2-million-subscriber YouTube account. While it can be speculated that the attack may have been carried out via a 2FA or session token-related vulnerability, the company has yet to offer any details.
Update [06/03/2024]: Included tweet from ITN Sri Lanka Chairman
Update [07/03/2024]: The YouTube channel has since been recovered