Onpode
Cover art for Fake MrBeast accounts flooded Threads with 10,000 crypto scam sites — his name weaponized

Fake MrBeast accounts flooded Threads with 10,000 crypto scam sites — his name weaponized

July 7, 2026 · 9 min

Juniper Vale & Hope Sterling

Security researcher Zach Edwards at Infoblox mapped over 10,000 malicious crypto scam sites flooding Meta's Threads via fake MrBeast accounts. Scammers embedded URLs inside blurry fake news screenshots — evading text-based moderation. A Guelph, Ontario woman lost $14,000 CAD after watching an AI deepfake video falsely showing MrBeast endorsing a crypto investment.

Meta's Threads platform has become the distribution channel for a large-scale cryptocurrency scam network impersonating YouTuber MrBeast (Jimmy Donaldson). Security researcher Zach Edwards of cybersecurity firm Infoblox identified and analyzed the operation, tracing it to a network of over 10,000 malicious "crypto casino" websites.

0:009:26
Make your own on Onpode

Describe any topic. Hear it in minutes.

About this episode

MrBeast built his brand on something genuinely rare: he actually gives away money at scale. That realness is now being used against the people who trusted it. This episode starts with a specific case — a woman in Guelph, Ontario who lost $14,000 Canadian after watching an AI deepfake video of MrBeast's face and voice endorsing a crypto investment — and uses it to pull apart something bigger. Security researcher Zach Edwards at Infoblox mapped more than 10,000 malicious crypto casino sites being pushed through fake MrBeast reply-spam accounts on Threads. The episode digs into exactly how those accounts evaded detection: scam URLs hidden inside blurry fake news screenshots, paired with an innocuous flowers photo — two deliberate layers engineered around Threads' specific moderation blind spots. From there, the conversation turns to the platforms. The episode makes a careful distinction: Threads and Discord aren't outmatched by clever scammers. The image-embedding trick is documented, not invisible. What looks like a capability problem is probably a cost-benefit decision nobody has reversed yet. And even if that gets fixed, the deepfake layer is a separate problem that a content policy can't fully touch. If you've ever assumed that being skeptical is enough protection, this episode has something uncomfortable to say about that.

Frequently asked

How did fake MrBeast crypto scams evade Threads moderation?

Scammers on Threads evaded moderation by hiding crypto scam URLs inside blurry fake news screenshots — images styled to look like CNN or Times articles — rather than posting text links. Threads' automated moderation scans text and URLs but cannot reliably read content embedded inside low-quality images, letting the posts pass undetected.

How much money did someone lose to a MrBeast crypto deepfake scam?

A woman in Guelph, Ontario lost $14,000 Canadian dollars after watching an AI deepfake video that used MrBeast's face and voice to falsely endorse a crypto investment. Because the payment was made in cryptocurrency, the transaction was irreversible — no dispute process or bank intervention was available after the money was sent.

Why is MrBeast specifically targeted by crypto scammers?

MrBeast — real name Jimmy Donaldson — is targeted because his brand is built on genuine large-scale cash giveaways, which conditions his audience to find the idea of free money from him plausible. Security researcher Zach Edwards at Infoblox identified this trust as a deliberate exploitation point alongside the engineered platform evasion tactics used across 10,000+ scam sites.

Can deepfake videos fool people who know what deepfakes are?

Yes. Reporting cited in analysis of the MrBeast crypto scam cases indicates that even technically savvy people — those who already know what deepfakes are — have been deceived by high-quality deepfake video calls. At sufficient quality, skepticism alone cannot compensate for synthetic audio-visual evidence that looks and sounds real.

Why didn't Meta's Threads catch 10,000 crypto scam sites linked to fake MrBeast accounts?

Threads failed to catch the MrBeast crypto scam network because scammers embedded malicious URLs inside blurry images rather than posting detectable text links. Security researcher Zach Edwards of Infoblox documented the full 10,000-site operation — meaning the pattern was visible and mappable, suggesting the gap reflects a product deprioritization rather than a technical impossibility.

Grounded in 5 sources
Hackers are using stolen Discord accounts to spread fake MrBeast giveaways · bitdefender.com
What Parents Need to Know About MrBeast Scams · bitdefender.com
Mr. Beast Crypto Scam: How a Guelph Woman Lost $14K to AI-Faked Endorsement (2026) · seattlerpchurch.org
Threads is flooded with fake MrBeast replies pushing 10,000 crypto scam sites · thecooldown.com
**Discord fails to moderate MrBeast gambling scam images** · x.ai
Read transcript

Hope Sterling: Tuesday morning, nine forty-seven AM — I want you to picture a woman in Guelph, Ontario, scrolling while her coffee cools. She gets a notification. MrBeast account, verified-looking. There's a voice note. It sounds exactly like him — excited, casual, real. She clicks. She loses fourteen thousand dollars Canadian.

Juniper Vale: Wait — a voice note, or a video?

Hope Sterling: AI deepfake video — his face, his voice — falsely endorsing a crypto investment. And the reason I'm so obsessed with this specific case is that she's not a kid. She's an adult making a real financial decision and a synthetic video of Jimmy Donaldson convinced her to move that money.

Juniper Vale: That's the part that actually shifts things, I think — because we tend to frame scam victims as, you know, people who weren't paying attention. But the deepfake quality has cleared some kind of threshold.

Hope Sterling: And it's not random that it's MrBeast, like — Zach Edwards, security researcher at Infoblox, he mapped over ten thousand malicious crypto casino sites being pushed through fake MrBeast reply-spam accounts on Threads. Ten thousand. His whole brand is giant real giveaways, so his audience is already primed to think free money from him is normal.

Juniper Vale: Ten thousand sites — on Meta's Threads specifically?

Hope Sterling: Threads, yes, and the way they're evading moderation is — actually I want to get into this because it's kind of sick-genius — but the short version is, today we're asking: did MrBeast accidentally build the perfect scam target out of his own goodness?

Juniper Vale: And whether the platforms knew — and decided it wasn't their problem yet.

Hope Sterling: But the platforms-can't-keep-up thing — that's actually where I want to pump the brakes a little, because it's not that Threads can't detect scam links. It's that the scammers figured out Threads scans text and URLs, and then they just... didn't post text or URLs. They hid the addresses inside blurry images.

Juniper Vale: Say that more plainly, because that's the click for me.

Hope Sterling: Like — okay, imagine you're passing a note in class but the teacher only confiscates folded paper. So you put the note inside a photo. The photo gets through. That's it. That's literally what they did. The scam URL lives inside a low-quality screenshot image. Threads' automated moderation reads text, reads links — it cannot reliably read what's printed inside a blurry picture.

Juniper Vale: And the fake screenshot is styled to look like a Times or CNN front page — so even a human glancing at it thinks 'oh, news story.'

Hope Sterling: Right — but the part that doesn't fit my brain yet is, like, why would a moderation algorithm even flag that? It just looks like someone shared an article screenshot.

Juniper Vale: That's what the second image is for. They add a bouquet of flowers next to an iPhone alongside the fake screenshot — I mean, when I first read that detail I actually laughed, and then I felt bad for laughing, because it's so deliberate. A flowers photo reads as completely mundane. It's obfuscation on top of obfuscation. The post looks like someone sharing a news clip and a nice morning picture.

Hope Sterling: Stop. Flowers.

Juniper Vale: Flowers. And that's what tells me this isn't opportunistic — someone actually studied how the moderation system works and engineered two separate layers around its specific blind spots. That's not a lucky workaround. Zach Edwards flagged that across more than ten thousand sites running through Threads. That's a coordinated infrastructure, not a few bad actors.

Hope Sterling: And Bitdefender's whole parent advisory basically confirms the other half — MrBeast's giveaway format conditioned his audience to think this stuff is plausible. So you've got engineered evasion on the platform side, and engineered trust on the human side. Both working at the same time.

Juniper Vale: And that's where the deepfake piece actually seals it — because the engineered trust isn't just brand recognition anymore. It's synthetic reality. The Guelph woman wasn't going off vibes. She watched a video. His face, his voice, his cadence.

Hope Sterling: And like — okay, I keep thinking about what that actually means, because we say 'deepfake' and people picture some uncanny valley glitchy thing, right? But this was good enough to move fourteen thousand Canadian dollars. That is not a glitch. That is a closed gap.

Juniper Vale: The threshold question is the one that unsettles me. Because separate reporting — not the Guelph case specifically — found that even technically savvy people have been fooled by deepfake video calls. Not just fans. Not just kids.

Hope Sterling: Wait, technically savvy people? Like — people who know what deepfakes are?

Juniper Vale: People who know what deepfakes are. Which means — I mean, the defense we usually reach for, 'just be more skeptical,' has a ceiling. At some quality level, skepticism can't compensate for synthetic evidence you can see and hear.

Hope Sterling: And the thing nobody's saying out loud is that once she sent that money — crypto, irreversible, pseudonymous — it is gone. There is no dispute button. No bank call. No mechanism. Prevention is literally the only protection that existed.

Juniper Vale: Which makes the platform failure not just embarrassing — it's the entire stakes. If Threads lets a scam through, the harm is permanent.

Hope Sterling: And — okay, this is the part that's going to make me actually angry when we get there — ten thousand sites running through a platform owned by Meta, and the answer we keep hearing is 'the scammers evolve too fast.' That is a choice dressed up as a physics problem.

Juniper Vale: Yeah, I want to pull that thread hard in a minute, because 'outmatched' and 'deprioritized' are very different things.

Hope Sterling: Right — but the part that makes me want to scream is that Zach Edwards spotted this. One researcher at Infoblox. That's not classified intelligence, that's a guy doing his job and going 'there are over ten thousand of these.' If he can see it, Meta can see it.

Juniper Vale: That's the crux. The image-embedding trick isn't invisible. It's documented. Edwards mapped it across more than ten thousand scam sites running through Threads. Meta has engineers, they have billions — 'we can't read URLs inside images' is not a physics limit, that's a product decision someone hasn't reversed yet.

Hope Sterling: And Discord too — like, this isn't a Threads-only thing. Discord was separately flagged for not moderating MrBeast-branded gambling scam images. Two completely different platforms, same failure.

Juniper Vale: Which actually — I mean, that's the part that breaks the 'too fast to catch' argument. If it were just one novel exploit on one platform, okay, maybe. But the same brand, same tactic, two platforms, same gap? That's industry-wide deprioritization.

Hope Sterling: No way around it.

Juniper Vale: So the calibrated version — not the hot take — is probably this: Threads and Discord aren't outmatched by the scammers' cleverness. They're outmatched by their own cost-benefit math. The flowers photo, the blurry CNN and Times fake screenshots, the image-embedded URL — none of it is undetectable. It's just expensive to prioritize.

Hope Sterling: And even if Meta fixes the detection tomorrow — like, actually patches the image-reading gap — the deepfake layer survives. The Guelph woman didn't click a sketchy link first. She watched a video. That psychological layer doesn't live on Threads' servers.

Juniper Vale: Yeah. Platform accountability is real and it's on Meta and Discord — but it's not the whole answer. The verdict is: ten thousand scam sites is a choice, not a hard problem. And a fourteen-thousand-dollar loss to a deepfake is a different problem that a content policy can't fully touch.

Hope Sterling: And that's — I mean, that's kind of the wild ending to this whole thing, right? Like, MrBeast's actual liability is that he genuinely did what scammers only pretend to do. He gave away the money. He made it real. And that realness is now sitting there like an open door.

Juniper Vale: Yeah. And until there's some tamper-proof way to verify that a giveaway is actually from him — not a deepfake, not a reply-spam bot on Threads, not a blurry fake CNN screenshot — the scam has a permanent address.

Hope Sterling: A permanent address. I hate how right that is. Okay — I think we're done.

Juniper Vale: Genuinely good conversation. Thank you for the flowers detail. I'll be thinking about that for a while.

Hope Sterling: The flowers! They will haunt me. Okay. Done.

Fake MrBeast accounts flooded Threads with 10,000 crypto scam sites — his name weaponized · Onpode