Cyber Incident Victim: Neebs Gaming
Date:
Feb 2020
Location:
United States of America
Summary
A popular YouTube gaming channel with nearly 1.88 million subscribers was compromised by cryptocurrency scammers who impersonated a prominent crypto exchange CEO during an unauthorized livestream. The attackers promoted a fraudulent Bitcoin giveaway, urging viewers to send funds to a specified wallet address with promises of multiplied returns, ultimately stealing approximately $24,000 worth of Bitcoin. The channel regained control after several days, criticizing YouTube's inadequate support response during the incident. The hackers repurposed legitimate footage to lend credibility to the scam, which reached around 95,000 viewers before being terminated. This breach highlighted ongoing platform vulnerabilities to coordinated financial scams exploiting live features and trusted creator identities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Between February 15 and 17, 2020, the Neebs Gaming YouTube channel, with 1.88 million subscribers, was compromised by unidentified attackers conducting a cryptocurrency scam. The hackers livestreamed a fraudulent video titled "Coinbase CEO announced the greatest crypto Air-Drop 10,000 Bitcoin, Live," repurposing footage from Coinbase Pro CEO Brian Armstrong’s 2019 AMA session to appear legitimate. This stream falsely promised viewers up to 10-times returns on Bitcoin sent to a specified wallet address, attracting approximately 95,000 viewers during its active period. The attackers received at least 20 Bitcoin transactions totaling 2.465 BTC (valued at $24,000 at the time) from victims who believed the giveaway was authentic. Neebs Gaming regained control of their channel by February 17, though the exact method of account recovery was not detailed in public reports. The channel operators publicly criticized YouTube’s support team for providing inadequate assistance during the incident, stating the platform only asked if they retained login access without offering substantive remediation steps.
The incident highlighted systemic vulnerabilities in YouTube’s creator protection mechanisms and the evolving tactics of cryptocurrency scammers exploiting live-streaming features. Neebs Gaming’s restoration occurred without disclosed collaboration from YouTube, underscoring the platform’s delayed response to high-profile account takeovers. This hack followed a pattern of similar cryptocurrency scams on YouTube, including a February 2020 hijacking of the Pogo channel promoting Ethereum fraud and a 2018 campaign where attackers used malicious ads to covertly mine Monero through viewers’ browsers. The financial impact on Neebs Gaming’s operations was not quantified publicly, but the breach disrupted their content delivery and eroded viewer trust during the compromise period. YouTube faced renewed criticism for failing to detect or rapidly terminate the fraudulent livestream despite its prominence and the use of a high-profile executive’s identity without authorization. The attackers’ operational sophistication was demonstrated through their manipulation of existing legitimate content, rapid monetization via cryptocurrency, and exploitation of YouTube’s live-streaming interface to maximize reach before detection.