Hackers are targeting popular YouTube gaming channels to orchestrate scams that result in the theft of Steam accounts, cryptocurrency, and valuable in-game items.
According to cybersecurity researchers at Bitdefender Labs, these attacks have intensified during major esports events like the IEM Katowice 2025 and PGL Cluj-Napoca 2025 tournaments, leveraging the popularity of Counter-Strike 2 (CS2) to deceive unsuspecting gamers.
How the Scam Unfolds
The scam begins with cybercriminals taking over YouTube accounts that already have substantial subscriber bases.
Once compromised, the channels are stripped of their original branding and rebranded to impersonate well-known CS2 professional players such as Oleksandr “s1mple” Kostyljev, Nikola “NiKo” Kovač, or donk.
The attackers then launch fake livestreams featuring looped gameplay footage of these players, creating the illusion of an authentic broadcast.
During these fraudulent streams, viewers are enticed with promises of free CS2 skins or cryptocurrency rewards.
Scammers display QR codes or links directing users to deceptive websites that claim to host giveaways.
Victims are either prompted to log in with their Steam credentials granting hackers access to their accounts or asked to send cryptocurrency under the pretense of receiving double the amount in return.
In both cases, victims suffer financial losses, including stolen in-game items or drained crypto wallets.
Key Indicators of Fraudulent Activity
Bitdefender Labs highlights several red flags associated with these scams:
- Promises of doubling cryptocurrency deposits are a hallmark of fraudulent schemes.
- Requests for upfront crypto payments to participate in giveaways should be treated with skepticism.
- Lack of verifiable affiliation with legitimate esports teams or tournament organizers further signals foul play.
Scammers strategically time these operations during high-profile events like IEM Katowice and PGL Cluj-Napoca to maximize visibility and lure a larger audience into their traps.
To avoid falling victim to these schemes, gamers are advised to verify the authenticity of YouTube channels before engaging with any giveaways.
Checking for recent uploads or genuine community interactions can help identify fake accounts.
Additionally, users should avoid clicking on suspicious links or scanning QR codes without verifying their legitimacy through tools like Bitdefender Scamio.
Securing Steam accounts is another critical step. Enabling multi-factor authentication (MFA) through Steam Guard Mobile Authenticator and monitoring login activity can help prevent unauthorized access.
Gamers should also report fraudulent streams and hacked channels directly to YouTube while warning others in gaming communities about ongoing scams.
As cybercriminals continue to exploit the growing popularity of esports and gaming platforms, staying vigilant and adopting robust security measures remains essential for safeguarding digital assets and personal information.
