Analysis of YouTube USDT crypto scams

By Andrew Patel

14 February 2023

WithSecure™ has discovered thousands of videos advertising fraudulent web-based apps that pose as USDT (Tether) investment schemes. These videos, hosted on YouTube, promise returns that scale with the amount of currency invested. YouTube channels with significant numbers of subscribers and view counts post new videos of this type on a daily basis. Some of the participating channels are even YouTube verified accounts.

Many videos of this nature receive inauthentic engagement boosts, designed to game YouTube’s recommendation algorithms, from hundreds of YouTube channels controlled by a small group of Telegram users. These inauthentic YouTube channels also use automation to post copy-paste comments to videos in an effort to make the advertised fraudulent apps appear legitimate. Description fields attached to the videos also employ a unique style of “SEO”, likely designed to game YouTube’s search functionality.

At the time of writing, approximately 700 URLs associated with fraudulent apps of this nature were identified via data capture and analysis techniques. The YouTube hashtag #usdtmining also reportedly contains over 3,900 similar videos.

Cryptocurrency wallet addresses associated with these fraudulent apps were directly extracted from several YouTube videos. Patterns found in transactions associated with these wallets suggest that there may be thousands of additional apps and crypto wallets involved in these operations. By collecting transaction history for these wallets, a set of 900 victims was identified. Summing the transactions between victim wallets and app wallets provided an estimate that operations associated with these scams made just over 100,000 USD between July and November 2022.

These operations use hundreds or possibly thousands of cryptocurrency wallets, all of which make very small and frequent transfers between each other. Mapping the flow of money in these operations represents an extremely complicated endeavor. However, it is possible to identify large amounts of money flowing through a few downstream wallets in the blockchain.
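The aggregation described in the two paragraphs above (summing victim-to-app transfers and spotting downstream wallets) can be sketched as follows. This is an added example, not WithSecure's code: the wallet labels, amounts and dates are constructed, and the rules that a victim is any non-app wallet that sent funds to an app wallet, and that a downstream wallet only receives from app wallets, are assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data: (day, sender, recipient, amount in USDT).
# Wallet labels are placeholders, not real addresses.
APP_WALLETS = {"APP_A", "APP_B"}
WINDOW_START, WINDOW_END = date(2022, 7, 1), date(2022, 11, 30)
TRANSFERS = [
    (date(2022, 7, 3), "VICTIM_1", "APP_A", 50.0),
    (date(2022, 7, 4), "APP_A", "VICTIM_1", 5.0),      # small payout back to a depositor
    (date(2022, 8, 10), "VICTIM_2", "APP_B", 120.0),
    (date(2022, 8, 11), "APP_A", "APP_B", 30.0),       # app-to-app shuffle
    (date(2022, 9, 1), "APP_B", "DOWNSTREAM_X", 100.0),
    (date(2022, 9, 2), "APP_A", "DOWNSTREAM_X", 40.0),
    (date(2022, 10, 5), "VICTIM_3", "APP_A", 20.0),
    (date(2022, 12, 1), "VICTIM_4", "APP_A", 500.0),   # outside the analysis window
]

def summarize(transfers, app_wallets, start, end):
    """Return (net loss per victim, inflow per downstream wallet) in USDT."""
    deposited = defaultdict(float)  # non-app wallet -> total sent to app wallets
    received = defaultdict(float)   # non-app wallet -> total received from app wallets
    for day, sender, recipient, amount in transfers:
        if not (start <= day <= end):
            continue
        if sender in app_wallets and recipient in app_wallets:
            continue  # internal movement between app wallets is not victim money
        if recipient in app_wallets:
            deposited[sender] += amount
        elif sender in app_wallets:
            received[recipient] += amount
    # Assumption: anyone who deposited is a victim; payouts reduce their loss.
    victims = {w: deposited[w] - received.get(w, 0.0) for w in deposited}
    # Assumption: wallets that only receive from app wallets are downstream.
    downstream = {w: v for w, v in received.items() if w not in deposited}
    return victims, downstream

if __name__ == "__main__":
    victims, downstream = summarize(TRANSFERS, APP_WALLETS, WINDOW_START, WINDOW_END)
    print("victims:", len(victims), "estimated take:", sum(victims.values()))
    for wallet, total in sorted(downstream.items(), key=lambda kv: -kv[1]):
        print("downstream", wallet, total)
```
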

This report details the anatomy of the videos and apps behind this scam, analyses two associated scam apps in detail, explores the #usdtmining YouTube hashtag, describes blockchain analysis methodology used on crypto wallets associated with the scam, and finally presents recommendations for YouTube and some final conclusions.