Cybercriminals are actively exploiting major Counter-Strike 2 (CS2) tournaments, such as IEM Katowice 2025 and PGL Cluj-Napoca 2025, to deceive gamers and steal their Steam accounts and cryptocurrency.
Despite being released 13 years ago, CS2 (formerly CS:GO) continues to maintain a vast player base and a thriving esports scene with multimillion-dollar prize pools. In early February, the game set a new record, surpassing 1.7 million concurrent players on Steam.
The attack is part of a fraudulent campaign known as “Streamjacking,” uncovered by researchers at Bitdefender Labs. Cybercriminals pose as professional CS2 players—such as s1mple, M0NESY, NiKo, and donk—by creating counterfeit livestreams on YouTube. These fake broadcasts promise free skins and cryptocurrency giveaways, luring viewers into clicking malicious links.
To enhance credibility, the scammers hijack compromised YouTube accounts and rename them to match well-known players. The livestream content consists of looped footage from past matches, designed to appear as genuine real-time streams. QR codes and links embedded in the video direct viewers to phishing websites, where they are prompted to log in via Steam or transfer cryptocurrency under the false promise of doubling their funds.
Once victims enter their credentials, the attackers gain full access to their Steam accounts, including inventories filled with valuable in-game items. In the case of cryptocurrency, any transferred funds are immediately funneled into cybercriminals’ wallets.
To further the illusion, fraudsters incorporate the logos of reputable trading platforms like CS.MONEY and reference major esports sponsors, including Intel and Lenovo.
Gamers are urged to remain vigilant and avoid trusting such deceptive streams. It is crucial to verify official pages of professional players, enable two-factor authentication to secure Steam accounts, and monitor login activity closely. Any offer that promises to double cryptocurrency or provide valuable items for free is a clear sign of fraud.
