The official YouTube channel for Dota 2, one of the world’s most popular multiplayer online battle arena (MOBA) games, was briefly hijacked on Wednesday by crypto scammers who promoted a fraudulent Solana-based token called dota2coin.
According to several screenshots shared on social media, the cyber attackers took over Dota 2’s YouTube channel to livestream a fake promotional event titled “Dota 2 Launch Official Meme Coin | Hurry Up.”
Viewers of the fraudulent livestream were solicited to follow a PumpFun link advert of the new “dota2coin,” which falsely claimed to be in a collaboration with the MOBA games. The coin’s description even included a link back to the legitimate Dota 2 channel to make the scam seem more credible.
Looks like Valve’s official Dota 2 YouTube channel was hacked by crypto scammers
lmao pic.twitter.com/p82ReIPrWW
— Brad Lynch (@SadlyItsBradley) October 15, 2025
Valve, the publisher behind Dota 2, has not yet issued an official statement. However, the breach appeared to last only a short time before the fraudulent livestream was removed, with no reports of user data being compromised.
Dota 2 community warn investors of fake memecoin
On the r/DotA2 subreddit, users shared screenshots of the livestream saying that viewers were just bots, and warned others to avoid interacting with the scam.
“Mods should pin it at the top of the sub ASAP. People will fall for this SCAM,” one Redditor wrote before confirming the livestream was eventually taken down.
Another Redditor shared news about other esports YouTube accounts, including those for ESL, BLAST Counter-Strike, and the Esports World Cup, which were hacked around the same time. Later updates revealed that the Mobile Legends MPL Indonesia channel had also been under control by hackers briefly.
“This is one hell of a coordinated attack,” the Redditor commented, speculating that the breaches might be related to ongoing technical issues affecting YouTube, or possibly to a security flaw in two-factor authentication systems on Android devices.
Around the same period, YouTube users began reporting playback errors, according to a report from 9to5Google. When attempting to play videos on the platform or stream music on YouTube Music, they were met with the message “An error occurred. Please try again later.”
Fake memecoin peaked at $7k market cap
The fake Solana token, dota2coin, launched through Solana’s Pump.fun went live shortly before the hack occurred. At the time of this publication, the token was trading at $0.00000585, and its market cap had crashed to roughly $5,500. It is down about 16% from its brief peak shortly after launch, according to Pump.fun screener.
According to on-chain metrics, the token had been hastily created within hours of the YouTube channel hack, with less than 3% bonding curve progress and one wallet holding more than 98% of the total supply.
“Nobody is falling for that garbage anymore,” one X user posted. “I don’t even understand how celebrity coins can rally to millions. How can people be so stupid?”
Security issues beyond YouTube
While YouTube’s internal systems have not been officially linked to the incident, some cybersecurity researchers have been talking about a vulnerability in Android’s two-factor authentication mechanism.
The YouTube downtime came against the backdrop of a new research revealing an Android exploit named Pixnapping, which can steal authentication codes and private data without the need of special permissions.
As detailed by tech news outlet WIRED, Pixnapping was developed by academic researchers who studied its ability to extract sensitive data like chat messages, two-factor codes, and email content, from apps displayed on a user’s screen. The exploit captures visible data from other apps after a user installs a malicious application.
“Anything that is visible when the target app is opened can be stolen by the malicious app using Pixnapping,” the researchers explained, “This allows a malicious app to steal sensitive information displayed by other apps or arbitrary websites, pixel by pixel.”
Pixnapping has been successfully tested on Google Pixel and Samsung Galaxy S25 devices, and the security team believes tweaking it could extend its use to most Android phones. Google launched some updates last month, but the researchers confirmed that a modified version of the malware still functions even after the update.
Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.
