A cybersecurity expert has criticized Google for inadequate safeguards against deepfakes targeting cryptocurrencies involving Bitcoin and figures like Elon Musk.
Recently, scammers took advantage of a fabricated YouTube video of billionaire and Tesla CEO Elon Musk to scam unsuspecting users of cryptocurrencies, including Bitcoin (BTC).
Bad actors used artificial intelligence and real videos to create live YouTube streaming sessions to direct cryptocurrency users to deposit bitcoin on multiple websites. The campaign has received hundreds of thousands of views, and the potential losses are not yet known.
In a press release sent to crypto.news, National Cybersecurity Center (NCC) founder Michael Marcotte said the scammers have launched a “personal attack on Elon Musk as well as his ability to impede consumer confidence in Bitcoin.”
In addition, hackers used Russian domain name registrars for cryptocurrency deposit platforms, promising to double users' funds. According to Marcotte, the perpetrators may have used this tactic to misdirect law enforcement. The expert stated, “This unusual signature of the attack raises serious questions about the primary intent and source.”
Marcotte: Google should do more
As the NCC veteran explained, the scammer used an account with nearly 1 million followers and 250 million views. Marcotte opined that the case calls Google's policies into question since malicious users assumed legitimacy by mimicking a verified Tesla YouTube account.
“The real indictment was that scammers were able to perpetrate this scam on YouTube for hours over the weekend without shutting it down. It's clear in this particular case that Google's cybersecurity team was asleep at the wheel,” Marcotte said via email.
The expert said that the Google team deserves the benefit of the doubt, but stressed that a breach of this size should have been reported quickly and addressed.
Recurring fears
Users have complained about attack vectors that Google left unchecked, leading to losses in cryptocurrencies in the past. Last month, crypto.news reported on a fake Aggr Chrome extension used to bypass Binance security. On June 3, there were multiple reports of $1 million in losses associated with the same rollover appeared. In April, scammers used paid ads on the massive search engine to promote a malicious over-the-counter crypto platform.
Alphabet has at times pushed back against fraudsters and sued them for orchestrating criminal campaigns. However, users and experts alike agree that the company should do more to address these incidents.
“It has now become blatantly clear that we are moving into a world where the line between real and fake is increasingly blurred. This weekend’s scam should serve as a radical wake-up call to the rest of the industry,” Marcotte noted.