Hackers pose as e-sports gamers online to steal cryptocurrency from Counter-Strike fans

Cybercriminals are exploiting major e-sports tournaments to target players of the popular video game Counter-Strike 2 (CS2), researchers have found. 

According to a new report by cybersecurity firm Bitdefender, scammers are hijacking YouTube accounts to impersonate professional CS2 players, including Oleksandr 's1mple' Kostyliev, Nikola 'NiKo' Kovač and Danil "donk" Kryshkovets, and launching fake livestreams.

The latest campaign coincided with high-profile e-sports tournaments such as IEM Katowice 2025 and PGL Cluj-Napoca 2025, which attracted millions of viewers. Attackers capitalized on the heightened interest to maximize their reach.

Scammers gain control of YouTube channels with existing subscriber bases, rebrand them to mimic well-known players, and broadcast fake livestreams. These streams loop old gameplay footage, making it appear as though the impersonated player is live.

Viewers are then directed to fraudulent websites via QR codes or links displayed on the stream, falsely promising free CS2 skins, cases or cryptocurrency rewards.

Bitdefender did not disclose how many users fell victim to this scam or which hacker group was behind it.

Computer and video games are an attractive target for hackers due to their wide reach. In 2023, a distributed denial-of-service (DDoS) attack crippled the servers of  Activision Blizzard, which are used to authenticate users and connect them to games. The incident made it almost impossible to play some of the publisher’s hit games, including Diablo IV, World of Warcraft and Call of Duty.

Earlier this year, Russian cybersecurity firm Kaspersky discovered that suspected Russian-speaking hackers are using malicious versions of popular pirated games to install cryptomining software known as XMRig on their victims' devices.

Malicious versions of games such as BeamNG.drive, Garry’s Mod, Dyson Sphere Program, Universe Sandbox and Plutocracy were hosted on torrent sites, which are often used for the illegal sharing of copyrighted content like movies, music, software and games. 

Back in 2023, researchers uncovered a phishing campaign targeting Russian-speaking players of Enlisted, a multiplayer first-person shooter. The hackers used a fake website that closely resembled the official Enlisted webpage to distribute ransomware.