Dota 2 YouTube Channel Hacked in Elaborate Solana Token Scam - Crypto Security Crisis Deepens

Gaming giant's official channel hijacked in sophisticated crypto heist

SECURITY BREACH

SCAM MECHANICS

INDUSTRY FALLOUT

Just another day in crypto - where your favorite gaming channel suddenly becomes your worst financial advisor. The only thing more volatile than token prices? Platform security itself.

Dota 2 community warn investors of fake memecoin

On the r/DotA2 subreddit, users shared screenshots of the livestream saying that viewers were just bots, and warned others to avoid interacting with the scam. 

“Mods should pin it at the top of the sub ASAP. People will fall for this SCAM,” one Redditor wrote before confirming the livestream was eventually taken down.

Another Redditor shared news about other esports YouTube accounts, including those for ESL, BLAST Counter-Strike, and the Esports World Cup, which were hacked around the same time. Later updates revealed that the Mobile Legends MPL Indonesia channel had also been under control by hackers briefly.

“This is one hell of a coordinated attack,” the Redditor commented, speculating that the breaches might be related to ongoing technical issues affecting YouTube, or possibly to a security flaw in two-factor authentication systems on Android devices.

Around the same period, YouTube users began reporting playback errors, according to a report from 9to5Google. When attempting to play videos on the platform or stream music on YouTube Music, they were met with the message “An error occurred. Please try again later.”

Fake memecoin peaked at $7k market cap

The fake solana token, dota2coin, launched through Solana’s Pump.fun went live shortly before the hack occurred. At the time of this publication, the token was trading at $0.00000585, and its market cap had crashed to roughly $5,500. It is down about 16% from its brief peak shortly after launch, according to Pump.fun screener.

According to on-chain metrics, the token had been hastily created within hours of the YouTube channel hack, with less than 3% bonding curve progress and one wallet holding more than 98% of the total supply.

“Nobody is falling for that garbage anymore,” one X user posted. “I don’t even understand how celebrity coins can rally to millions. How can people be so stupid?”

Security issues beyond YouTube

While YouTube’s internal systems have not been officially linked to the incident, some cybersecurity researchers have been talking about a vulnerability in Android’s two-factor authentication mechanism. 

The YouTube downtime came against the backdrop of a new research revealing an Android exploit named Pixnapping, which can steal authentication codes and private data without the need of special permissions.

As detailed by tech news outlet WIRED, Pixnapping was developed by academic researchers who studied its ability to extract sensitive data like chat messages, two-factor codes, and email content, from apps displayed on a user’s screen. The exploit captures visible data from other apps after a user installs a malicious application.

“Anything that is visible when the target app is opened can be stolen by the malicious app using Pixnapping,” the researchers explained, “This allows a malicious app to steal sensitive information displayed by other apps or arbitrary websites, pixel by pixel.”

Pixnapping has been successfully tested on Google Pixel and Samsung Galaxy S25 devices, and the security team believes tweaking it could extend its use to most Android phones. Google launched some updates last month, but the researchers confirmed that a modified version of the malware still functions even after the update.

Join a premium crypto trading community free for 30 days - normally $100/mo.