Hope Sterling: Tuesday morning, nine forty-seven AM — I want you to picture a woman in Guelph, Ontario, scrolling while her coffee cools. She gets a notification. MrBeast account, verified-looking. There's a voice note. It sounds exactly like him — excited, casual, real. She clicks. She loses fourteen thousand dollars Canadian.
Juniper Vale: Wait — a voice note, or a video?
Hope Sterling: AI deepfake video — his face, his voice — falsely endorsing a crypto investment. And the reason I'm so obsessed with this specific case is that she's not a kid. She's an adult making a real financial decision and a synthetic video of Jimmy Donaldson convinced her to move that money.
Juniper Vale: That's the part that actually shifts things, I think — because we tend to frame scam victims as, you know, people who weren't paying attention. But the deepfake quality has cleared some kind of threshold.
Hope Sterling: And it's not random that it's MrBeast, like — Zach Edwards, security researcher at Infoblox, he mapped over ten thousand malicious crypto casino sites being pushed through fake MrBeast reply-spam accounts on Threads. Ten thousand. His whole brand is giant real giveaways, so his audience is already primed to think free money from him is normal.
Juniper Vale: Ten thousand sites — on Meta's Threads specifically?
Hope Sterling: Threads, yes, and the way they're evading moderation is — actually I want to get into this because it's kind of sick-genius — but the short version is, today we're asking: did MrBeast accidentally build the perfect scam target out of his own goodness?
Juniper Vale: And whether the platforms knew — and decided it wasn't their problem yet.
Hope Sterling: But the platforms-can't-keep-up thing — that's actually where I want to pump the brakes a little, because it's not that Threads can't detect scam links. It's that the scammers figured out Threads scans text and URLs, and then they just... didn't post text or URLs. They hid the addresses inside blurry images.
Juniper Vale: Say that more plainly, because that's the click for me.
Hope Sterling: Like — okay, imagine you're passing a note in class but the teacher only confiscates folded paper. So you put the note inside a photo. The photo gets through. That's it. That's literally what they did. The scam URL lives inside a low-quality screenshot image. Threads' automated moderation reads text, reads links — it cannot reliably read what's printed inside a blurry picture.
Juniper Vale: And the fake screenshot is styled to look like a Times or CNN front page — so even a human glancing at it thinks 'oh, news story.'
Hope Sterling: Right — but the part that doesn't fit my brain yet is, like, why would a moderation algorithm even flag that? It just looks like someone shared an article screenshot.
Juniper Vale: That's what the second image is for. They add a bouquet of flowers next to an iPhone alongside the fake screenshot — I mean, when I first read that detail I actually laughed, and then I felt bad for laughing, because it's so deliberate. A flowers photo reads as completely mundane. It's obfuscation on top of obfuscation. The post looks like someone sharing a news clip and a nice morning picture.
Hope Sterling: Stop. Flowers.
Juniper Vale: Flowers. And that's what tells me this isn't opportunistic — someone actually studied how the moderation system works and engineered two separate layers around its specific blind spots. That's not a lucky workaround. Zach Edwards flagged that across more than ten thousand sites running through Threads. That's a coordinated infrastructure, not a few bad actors.
Hope Sterling: And Bitdefender's whole parent advisory basically confirms the other half — MrBeast's giveaway format conditioned his audience to think this stuff is plausible. So you've got engineered evasion on the platform side, and engineered trust on the human side. Both working at the same time.
Juniper Vale: And that's where the deepfake piece actually seals it — because the engineered trust isn't just brand recognition anymore. It's synthetic reality. The Guelph woman wasn't going off vibes. She watched a video. His face, his voice, his cadence.
Hope Sterling: And like — okay, I keep thinking about what that actually means, because we say 'deepfake' and people picture some uncanny valley glitchy thing, right? But this was good enough to move fourteen thousand Canadian dollars. That is not a glitch. That is a closed gap.
Juniper Vale: The threshold question is the one that unsettles me. Because separate reporting — not the Guelph case specifically — found that even technically savvy people have been fooled by deepfake video calls. Not just fans. Not just kids.
Hope Sterling: Wait, technically savvy people? Like — people who know what deepfakes are?
Juniper Vale: People who know what deepfakes are. Which means — I mean, the defense we usually reach for, 'just be more skeptical,' has a ceiling. At some quality level, skepticism can't compensate for synthetic evidence you can see and hear.
Hope Sterling: And the thing nobody's saying out loud is that once she sent that money — crypto, irreversible, pseudonymous — it is gone. There is no dispute button. No bank call. No mechanism. Prevention is literally the only protection that existed.
Juniper Vale: Which makes the platform failure not just embarrassing — it's the entire stakes. If Threads lets a scam through, the harm is permanent.
Hope Sterling: And — okay, this is the part that's going to make me actually angry when we get there — ten thousand sites running through a platform owned by Meta, and the answer we keep hearing is 'the scammers evolve too fast.' That is a choice dressed up as a physics problem.
Juniper Vale: Yeah, I want to pull that thread hard in a minute, because 'outmatched' and 'deprioritized' are very different things.
Hope Sterling: Right — but the part that makes me want to scream is that Zach Edwards spotted this. One researcher at Infoblox. That's not classified intelligence, that's a guy doing his job and going 'there are over ten thousand of these.' If he can see it, Meta can see it.
Juniper Vale: That's the crux. The image-embedding trick isn't invisible. It's documented. Edwards mapped it across more than ten thousand scam sites running through Threads. Meta has engineers, they have billions — 'we can't read URLs inside images' is not a physics limit, that's a product decision someone hasn't reversed yet.
Hope Sterling: And Discord too — like, this isn't a Threads-only thing. Discord was separately flagged for not moderating MrBeast-branded gambling scam images. Two completely different platforms, same failure.
Juniper Vale: Which actually — I mean, that's the part that breaks the 'too fast to catch' argument. If it were just one novel exploit on one platform, okay, maybe. But the same brand, same tactic, two platforms, same gap? That's industry-wide deprioritization.
Hope Sterling: No way around it.
Juniper Vale: So the calibrated version — not the hot take — is probably this: Threads and Discord aren't outmatched by the scammers' cleverness. They're outmatched by their own cost-benefit math. The flowers photo, the blurry CNN and Times fake screenshots, the image-embedded URL — none of it is undetectable. It's just expensive to prioritize.
Hope Sterling: And even if Meta fixes the detection tomorrow — like, actually patches the image-reading gap — the deepfake layer survives. The Guelph woman didn't click a sketchy link first. She watched a video. That psychological layer doesn't live on Threads' servers.
Juniper Vale: Yeah. Platform accountability is real and it's on Meta and Discord — but it's not the whole answer. The verdict is: ten thousand scam sites is a choice, not a hard problem. And a fourteen-thousand-dollar loss to a deepfake is a different problem that a content policy can't fully touch.
Hope Sterling: And that's — I mean, that's kind of the wild ending to this whole thing, right? Like, MrBeast's actual liability is that he genuinely did what scammers only pretend to do. He gave away the money. He made it real. And that realness is now sitting there like an open door.
Juniper Vale: Yeah. And until there's some tamper-proof way to verify that a giveaway is actually from him — not a deepfake, not a reply-spam bot on Threads, not a blurry fake CNN screenshot — the scam has a permanent address.
Hope Sterling: A permanent address. I hate how right that is. Okay — I think we're done.
Juniper Vale: Genuinely good conversation. Thank you for the flowers detail. I'll be thinking about that for a while.
Hope Sterling: The flowers! They will haunt me. Okay. Done.