Twitter has long been home to giveaway (or “trust-trading”) scams that attempt to trick people into sending crypto to an unknown destination with a promise that they will receive a return of 2-10x the amount:

Recently though, these scammers have pivoted to YouTube:

At first glance, YouTube would appear to be the ideal scam distribution platform. It supports content virality and discovery in ways that Twitter doesn’t (just look at the suggested scam videos in the “Up Next” portion of the screenshot above.)

Fortunately, we can reapply some of the same methods that we use for scam-hunting on Twitter to surface accounts, videos, and thumbnails that are likely to be distributing trust-trading scams.

The same obfuscation techniques that scammers use to evade detection also make it much harder for a victim to find the content organically, and understand what to do with it* — while still leaving telltale signatures that distinguish it from legitimate content.

Here are some of the YouTube scam addresses I’ve found while putting together a detector in my personal time: https://gist.github.com/themullinator/a06a197152dd0b7f34e282617fa0a228

*A similar evolution is occurring in the sextortion email industry. Spam filters have gotten so good at detection extortion emails that the actors have resorted to doing complicated things like sending the victim an email in Russian with instructions to load it into Google Translate, and then piece together fragments of the extortion destination address.