A YouTube Security Incident Targeted Linus Tech Tips and Related Channels
Crypto scammers compromised the main YouTube channel run by Linus Sebastian, along with two additional channels connected to his tech-focused content network. The most-followed channel in this set is Linus Tech Tips, which has attracted a large audience well into the millions of subscribers. This sequence of events has been reported by major tech outlets, including The Verge, and drew wide attention from the media and viewers alike.
The breach occurred on March 23, 2023, during which attackers redirected the affected channels to stream fraudulent cryptocurrency broadcasts. These broadcasts sometimes included segments that appeared to feature prominent IT figures, including Elon Musk and Jack Dorsey, creating a misleading impression that legitimate figures supported the promoted cryptocurrency schemes. The attackers leveraged the established trust of the Linus Tech Tips audience to push a crypto agenda that was not authorized by the creator or the platform.
In the wake of the intrusion, the perpetrator group renamed the two additional channels to resemble an entity associated with electric vehicle branding, Tesla, and even altered avatars to include the Tesla logo. The goal was to deepen the illusion that the content was affiliated with or endorsed by well-known technology and automotive brands. Throughout this period, crypto broadcasts persisted on at least one channel, featuring appearances or references to Elon Musk in an attempt to add credibility to the scams.
Following the incident, YouTube security teams began restricting activity on two of the three compromised channels. The remaining channel continued to display videos linked to the Musk-backed crypto content, prompting ongoing scrutiny from the platform and the affected creator’s audience. The response highlighted the challenges large creators face when their channels are exploited by bad actors, even as official safeguards are tested and refined in real time.
Linus Sebastian issued statements through social media indicating that the Google team was actively investigating the breach and working to restore access to the affected accounts. The communications emphasized collaboration with Google to review security measures, identify how the breach occurred, and implement steps to prevent a recurrence. This incident underscored the importance of layered security protocols for creators managing multiple channels and the need for clear incident response plans when unauthorized activity is detected.
In related coverage, coverage beyond YouTube has explored broader questions about how crypto scams unfold on mainstream platforms. Analysts note the appeal of high-profile appearances, the ease of impersonation, and the operational tactics used to lure viewers into unsafe investments. The episode serves as a reminder that audience trust can be exploited, and it highlights the ongoing need for platforms to improve identity verification, real-time monitoring, and rapid disruption of fraudulent streams. These insights contribute to a wider conversation about safeguarding creators and their communities in the digital streaming era.