Several major gaming organizations faced a serious cybersecurity breach on Oct. 15 when hackers carried out a large-scale coordinated attack on their official YouTube channels.
The purpose behind the assault appeared to be the promotion of fraudulent cryptocurrency tokens, an increasingly common tactic among online scammers attempting to exploit the popularity and credibility of established gaming brands.
The official Dota 2 YouTube channel, managed by Valve, was one of the first to be affected. Viewers were surprised to find the channel broadcasting a fake livestream titled “Dota 2 Launch Official Meme Coin | Hurry Up,” an obvious attempt to trick fans into engaging with a counterfeit crypto promotion. The livestream was designed to look legitimate, using Dota 2 branding and professional layouts that closely resembled authentic Valve announcements.
The breach didn’t stop there. PGL, the esports organizer that regularly runs Valve-approved Dota 2 tournaments, was also compromised around the same time. Hackers replaced the channel’s usual tournament content with a fabricated video featuring business figure Michael Saylor discussing cryptocurrency.
This mirrored the type of scam that has been spreading across YouTube in recent years, where hijacked accounts are used to stream fake interviews or investment discussions to lure viewers into crypto-related traps.
Reports soon confirmed that the incident was part of a much larger coordinated attack across the global esports scene. Hackers simultaneously targeted multiple high-profile gaming organizations, including ESL, BLAST Counter-Strike, Esports World Cup, and Mobile Legends MPL Indonesia.
The situation quickly gained attention on Reddit’s r/DotA2 community, where users documented the fake livestreams and urged others to avoid clicking any suspicious links or crypto promotions. Screenshots and community alerts helped raise awareness and likely contributed to the rapid shutdown of the scam streams.
Fortunately, both the Dota 2 and PGL YouTube channels were restored within hours. YouTube’s internal security systems, combined with community reports, helped detect and remove the fraudulent content before it could cause widespread damage. While the channels are now back to normal, the incident underscores how even well-established organizations with verified accounts remain vulnerable to digital security threats.
According to cybersecurity analysts, the attack may have been carried out using stolen session tokens, a method that bypasses traditional login credentials. This approach has become increasingly common in recent years, particularly in targeting high-traffic YouTube channels that belong to public figures, gaming organizations, and tech influencers.
While this particular incident was resolved quickly, it reinforces the ongoing need for vigilance across gaming platforms. Viewers are encouraged to double-check links, verify sources before engaging with crypto-related promotions, and report suspicious activity when encountered.
