YouTube Videos Push Eclipse Crypto Scams

Last updated on April 18th, 2024 at 11:10 pm

A total eclipse with a bitcoin in the middle of it and a neon overlay saying "SCAM". — Image made using Canva.

Scammers are exploiting Monday’s total solar eclipse to push crypto scams on YouTube. The pair of cybersecurity researchers known as Mysk first spotted the scam videos, which are posted by accounts impersonating SpaceX.

Despite claiming to be about the eclipse, the videos feature a deep fake of Elon Musk talking about a crypto “giveaway.” The fake Musk urges viewers to scan a QR code to participate.

Screenshot from YouTube of a scam video with the title Live: Solar Eclipse Spectacular 2024 of SpaceX.
The screenshot shows a picture of Elon Musk talking to a group of people outside, with a malicious QR code displayed in an overlay on the screen. The text around the QR code reads "Eclipse of 2024-Change your Life. Scan QR code." — This scam video had over 36k viewers and was streamed by a verified YouTube account impersonating SpaceX. The malicious QR code has been redacted. Screenshot from YouTube, edited in Canva.

Upon scanning the code, viewers are taken to a website that promises to double any crypto they send to specific addresses. In reality, any money viewers send goes straight to scammers, and they will receive nothing in return.

Digging into the scam

After searching YouTube for “SpaceX” and “eclipse”, I found three accounts posting the same or similar scams. The accounts were all verified and had thousands of subscribers, giving the scam videos the veneer of legitimacy and a large audience.

Screenshot of crypto scam site. It features a photo of Elon Musk and has the text "The most global event. Hurry up to participate!" — One of the malicious QR codes led to this scam site. Screenshot taken using Any.Run and edited using Canva.

The verified account holders were not responsible for the scam videos, however. Instead, it appears their accounts were compromised, as their name and profile picture were all changed to impersonate SpaceX.

Some of the scam videos I watched ironically emphasized the importance of security, presumably to appear more legitimate. For example, they warned viewers of the dangers of phishing and instructed them to avoid revealing the seed phrase of their crypto wallet to anyone.

The QR codes used by the three scam videos pointed to three different domains: spacex-invest[.]org, spacex-eclipse[.]com and eclipse-spacex[.]com. All three domains were registered on April 7th, the day before the scam started. The registrar for each domain was a Russian company called RU Center.

As of 10am Central Time on April 9th, at least one of the scam videos was still available on YouTube, even though I reported it hours earlier. The other two, however, appear to have been removed.

Not just crypto scams

These crypto videos are unfortunately not the only scam plaguing YouTube. Last week, Proofpoint released a report about videos promising free access to premium software and free game hacks that lured viewers into downloading malware. And at the end of last year, YouTube was bombarded with fake healthcare subsidy ads.

How to protect yourself

To protect yourself from YouTube scams, be wary of anything that seems too good to be true. Whether that’s promises of doubling your crypto, free access to premium software, or a subsidy, if it seems too good to be true, it usually is.

You should also be skeptical of anything involving crypto, as there are many crypto scams on social media. Similarly, be careful what you download, install reputable anti-malware software, and be cautious if asked to give out your personal information.

Finally, if you see a scam video, report it to YouTube.