egeexyz

patreon


Attack of the Crypto Scammers!

Now that it's finally over, I can tell you about that one time a crypto-scammer tried to steal my channel.

As I tell this story, I'm going to be putting 🚩's on each event that was a red flag to me.

Near the end of April, I was contacted by someone doing PR for a crypto🚩 game called Impulse Flow. I looked at the Twitter profile and it seemed interesting, so I bit.

So, all he was asking for was to "insert a trailer" of the game at the beginning of my next video. Odd request, but not quite a red flag. The price of the sponsorship was, though 🚩.

$2000 smackaroos is a lot of money, and for a single channel to run an ad for them that most people will skip? Yeah, right. So I asked for a bit more information. His response was all too predictable.

I'm willing to forgive spelling mistakes, so him saying "renew" instead of "review" was taken as an honest mistake. But the fact that he couldn't clarify anything without me reading the contract? That's the next 🚩.

I will say that he and his profile seemed legit. I mean, for a crypto-bro I guess. I am apprehensive about crypto stuff but I'm not outright anti-crypto. Though, this episode doesn't cast a very favorable light on it, does it? 😅

The email contained a link to Dropbox (which I forwarded the email to), which pointed to... a rar file 🚩. Inside the rar file were these two files:

I'm guessing the video trailer was some thrown-together footage of a mobile game because it was not good. The "PDF" file is very obviously a virus:

- It's a freaking .scr file
- That's not the correct Acrobat icon
- The file was 800 MB

For folks wondering about the Linux angle: Dolphin (hi, I use KDE) doesn't associate .scr files with anything, so it can't easily be run from the UI. An .scr file is just a Windows executable (a PE file) wearing the screensaver extension, so it runs exactly like an .exe; Wine could have run it, which likely would have infected the machine and stolen my channel. The usual payload in this kind of scam is an info-stealer that copies saved passwords and session cookies out of the browser profile, and a valid session cookie logs the attacker in as you without ever hitting the password or 2FA prompt, which is why a single double-click is enough.

Much to my dismay, ClamAV did not find this virus! I'm curious what I can do about that. One likely reason is the size: ClamAV's default MaxFileSize limit is 25 MB, so a file that large is skipped rather than scanned unless the limit is raised, and padding a binary out to hundreds of megabytes is a known trick for staying under size limits like that. I'm a little iffy about publicizing it because I don't know who these scammers are and I don't want to piss them off, you know? 😅
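A quick way to check an attachment like this from a Linux shell, as an added example (not code from the post): it classifies the file by its leading bytes instead of its name, flags the .scr, double-extension and oversize tricks described above, and hashes the file for a VirusTotal lookup. The sample name contract.pdf.scr and the bare MZ/PE header are constructed here for demonstration; the 25 MB figure is ClamAV's stock MaxFileSize default.

```python
"""Triage an attachment by what it contains, not what it is named.

Added example, not code from the original post. The sample file name and the
fake PE bytes are constructed here for demonstration.
"""
import hashlib
import struct
import sys
from pathlib import Path

# ClamAV will not scan a file larger than its MaxFileSize limit, which defaults
# to 25M (clamd.conf MaxFileSize / clamscan --max-filesize). Anything bigger
# is silently skipped, so a padded 800 MB binary is never looked at.
CLAMAV_DEFAULT_MAX_FILESIZE = 25 * 1024 * 1024

# Extensions Windows will execute on double-click even though they are not .exe
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".cpl"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".txt"}


def sniff_type(head: bytes) -> str:
    """Classify a file from its leading bytes (magic numbers), ignoring its name."""
    if head.startswith(b"%PDF-"):
        return "pdf"
    if head.startswith(b"Rar!\x1a\x07"):
        return "rar"
    if head.startswith(b"PK\x03\x04"):
        return "zip"
    if head[:2] == b"MZ" and len(head) >= 0x40:
        # DOS header: the offset of the "PE\0\0" signature is stored at 0x3C
        (pe_off,) = struct.unpack_from("<I", head, 0x3C)
        if head[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe"  # a Windows executable, whatever the extension claims
        return "mz"
    return "unknown"


def triage(name: str, head: bytes, size: int) -> dict:
    """Return the sniffed type and a list of red flags for one attachment."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    ext = suffixes[-1] if suffixes else ""
    kind = sniff_type(head)
    flags = []
    if kind == "pe":
        flags.append("content is a Windows PE executable")
    if ext in EXEC_EXTENSIONS and ext != ".exe":
        flags.append(f"{ext} runs as a program even though it is not named .exe")
    if len(suffixes) > 1 and any(s in DOCUMENT_EXTENSIONS for s in suffixes[:-1]):
        flags.append("double extension: a document name in front of the real one")
    if ext == ".pdf" and kind != "pdf":
        flags.append(f"named .pdf but the bytes say {kind}")
    if size > CLAMAV_DEFAULT_MAX_FILESIZE:
        flags.append(f"{size // 2**20} MB is over ClamAV's default MaxFileSize, so a default scan skips it")
    return {"name": name, "type": kind, "size": size, "flags": flags}


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so an 800 MB sample is not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def triage_file(path: str) -> dict:
    """Triage a real file on disk; the hash is what you look up on VirusTotal."""
    p = Path(path)
    with p.open("rb") as f:
        head = f.read(4096)
    result = triage(p.name, head, p.stat().st_size)
    result["sha256"] = sha256_of(p)
    return result


def build_fake_pe(padding: int = 0) -> bytes:
    """Constructed sample: a bare MZ/PE header with no code, enough to be sniffed as PE."""
    pe_off = 0x80
    hdr = bytearray(b"MZ" + b"\x00" * (pe_off - 2))
    struct.pack_into("<I", hdr, 0x3C, pe_off)
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * padding


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(triage_file(sys.argv[1]))
    else:
        # Stand-in for the attachment in the post: an executable pretending to be a contract
        print(triage("contract.pdf.scr", build_fake_pe(), 800 * 2**20))
```

Run it as `python3 triage.py suspicious.scr` on the extracted file, never by opening the file first. If ClamAV is to look at a file that size at all, rerun with `clamscan --max-filesize=1000M --max-scansize=1000M`; a clean result still only means no signature matched, which is exactly what a fresh sample looks like, so the hash lookup is the more useful check.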

By this point, I had reported the email to Google and he had sent two more that showed up immediately as phishing, so that all but confirms that their email sending domain is burned up now.

Since the jig was up, I figured I would be vapid and play dumb until he stopped responding, which he eventually did. 😂

And so ends the crypto-scammer saga! This is how YouTube channels get taken over, folks. The biggest red flags were:

- The amount of the sponsorship (especially considering the ask).
- He refused to clarify or confirm anything before looking at the contract.
- The fact that the "contract" came in an archive file (let alone a rar file!) instead of being attached directly to the email.
- The fact that the "PDF" file was a .scr file and was giant.

Hopefully these red flags sound obvious. If they don't, take notes because this is how scammers get ya!

Comments

I could also imagine it being a lot of garbage data designed to obscure the actual payload and foil antimalware, maybe?

Jonathan S. Fox

800 MB would be a truly colossal amount of code, even accounting for dependencies. Most malware is less than half a megabyte. The size of the file is ultra suspicious, but it's also really bizarre. Programs only really get that big by embedding audio and visual data, or with huge databases. Surely there has to be some kind of data embedded in it. Definitely still agree it's really suspicious and shouldn't be opened, that size is just a huge outlier.

Jonathan S. Fox

ah ;P

REWIND

Probably because all of the malware code (and the fake Adobe icon) was compiled into that single binary. Most apps have lots of accompanying DLLs but this one is a single file.

Egee

Kind of. It's a regular binary file (just like an .exe) but Windows is dumb and identifies file types via the extension. So a scammer can create a virus exe and rename it .scr and trick a user into running it.

Egee

They didn't say which channel but I think it's the equivalent to cold-calling but for scammers. Like, they know my name and that I have a YouTube channel but all they needed me to do is run that file and they'd have access to any YouTube channels I had.

Egee

Weird that they went for you of all people, since all of your channels are fairly small. IG they're going for smaller channels since they don't really know what they're doing yet? Also, what channel did they reach out in regards to? Like did they want it on EgeeXYZ or Open Egee? EgeeXYZ would make some sense since you do do tech stuff on there, but Open Egee would make no sense at all.

RioWolf

It is, but you can throw just about whatever you want in a .scr as long as it also just so happens to contain a screen saver. Including any malware you want.

RioWolf

these long ass contracts these days man

REWIND

isn't .scr a screensaver file lmao

REWIND

800 MB??? What would even cause it to be so huge?

Jonathan S. Fox

This was actually the first. Sponsors basically always come via email. Maybe that should have been a red flag.. 🤔

Egee

Nice to see this stopped. How often do you receive these sketchy DMs?

MochaBox