A coordinated network of compromised YouTube channels is targeting Solana holders with fraudulent livestreams. The broadcasts, flagged by community members on r/solana, utilize looped footage of co-founder Anatoly Yakovenko to lend legitimacy to wallet-draining schemes.
The Attack Vector
The campaign follows a specific pattern. Scammers hijack established YouTube accounts, often with verified badges and high subscriber counts, to bypass platform fraud filters. Once in control, they rebrand the channel to mimic the Solana Foundation or Solana Labs.
The streams play old interviews or AI-generated deepfakes of Yakovenko. Overlaid text promises an “emergency airdrop” or a “2x allocation” event. Viewers who scan the on-screen QR code are directed to malicious domains. These sites do not distribute tokens. Instead, they prompt users to sign a transaction that grants the attacker full access to the wallet’s assets.
Community Response
Users on the r/solana subreddit have begun cataloging the malicious streams, noting the speed at which new ones appear after takedowns. The persistence of these streams suggests an automated operation.
The goal is simple: trick users into connecting their wallets and signing transactions that drain their funds.
This vector is not unique to Solana. Similar campaigns have targeted Ripple (XRP) and MicroStrategy, exploiting the delay between report filing and platform moderation. Security experts advise that legitimate protocols never conduct “send one, get two” giveaways. SOL traded flat at $235 following the reports, indicating the scams have not impacted broader market sentiment.
