The YouTube Hack No One Noticed: How GSM Arena Lost a Year of Revenue (and What Creators Can Learn)
This article is based on real events and creator experiences as of January 2022. It aims to help fellow creators stay vigilant and protect their channels.
Another Major YouTube Channel Hacked, But This One Was Different
On January 19, 2022, the tech community was shaken by news that a major Indian tech YouTube channel, TechWiser, had been hacked. The incident quickly made the rounds on Twitter, with many speculating about the cause. As I noted in my tweet, if two-factor authentication was enabled, it was likely a session or cookie hijacking attack. But as alarming as that was, there was an even scarier story from the previous year that didn’t get nearly as much attention: the GSM Arena AdSense hijack.
The GSM Arena Case: A Silent Revenue Heist
Imagine running a successful YouTube channel for years, only to discover after more than a year that all your YouTube ad revenue has been quietly redirected to someone else’s account. That’s exactly what happened to GSM Arena, one of the most trusted names in tech reviews. The most chilling part? The channel kept running as usual. Videos were uploaded, settings were unchanged, and the audience noticed nothing out of the ordinary. Meanwhile, the hijacker was collecting every cent of YouTube revenue, undetected.
How Did This Happen?
The root cause was a legacy setup involving a Multi-Channel Network (MCN). Years ago, when GSM Arena first monetized their channel, a YouTube partner manager set them up with a dummy MCN account. Their AdSense publisher ID was added to this MCN, which became the content owner of the channel. Over time, the MCN account was forgotten—no one at GSM Arena even had the login credentials.
In November 2019, someone gained access to this dormant MCN account. With a few clicks, they removed GSM Arena’s AdSense ID and replaced it with their own. No notification was sent. The hijacker simply sat back and collected the revenue, while the channel’s owners remained in the dark.
Why Didn’t Anyone Notice?
GSM Arena’s AdSense account was used for both YouTube and their website, so the drop in YouTube income was masked by other revenue streams. With the chaos of the pandemic and day-to-day business, it took nearly a year to realize something was wrong. By the time they did, the money was long gone.
The Support Maze: When Help Isn’t Helpful
When GSM Arena finally contacted YouTube support, the response was… underwhelming. Support staff insisted there was no hacking and even suggested the channel owners should “resolve the issue directly with the other admin”—the hijacker! Privacy laws prevented YouTube from sharing any contact information for the attacker. Multiple escalations led nowhere, and at one point, support simply stopped responding.
Desperate, GSM Arena tried demonetizing their videos, but the hijacker just re-enabled monetization. The only option left was to stop uploading videos altogether, hoping to get someone’s attention. After weeks of persistence and finally connecting with a new support contact, YouTube’s internal team confirmed the MCN account had indeed been hijacked. The hijacker’s access was revoked, but the process to restore normal monetization was slow and complicated.
Lessons for Creators: What You Can Do
This story isn’t just a cautionary tale—it’s a wake-up call for every creator. Here are some practical steps you can take to protect your channel and revenue:
- Review your channel’s permissions and connected accounts regularly. Dormant or legacy accounts can be a major vulnerability.
- Check your AdSense associations. Make sure your revenue isn’t being redirected through an old MCN or third-party account you no longer control.
- Monitor your income streams closely. If you use AdSense for multiple properties, set up alerts or regular reviews to catch any unexpected drops.
- Enable all available security features. Two-factor authentication is a must, but it’s not a silver bullet—session hijacking and social engineering are still threats.
- Document your setup. Keep records of who has access to what, and how your monetization is configured.
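The advice to monitor income streams, combined with the masking effect described under "Why Didn’t Anyone Notice?", can be shown with a small per-stream check. This is an added example, not code from GSM Arena, YouTube or AdSense; the monthly figures are constructed and the function names (`drop_alerts`, `review`) are hypothetical.

```python
from statistics import median

# Constructed monthly earnings per revenue stream (arbitrary units).
# "youtube" stops paying out from index 6, while "website" grows enough
# to keep the combined total looking healthy.
MONTHLY = {
    "youtube": [900, 950, 920, 980, 940, 960, 0, 0, 0],
    "website": [4000, 4100, 4050, 4200, 4300, 4400, 5200, 5400, 5300],
}

def drop_alerts(series, window=3, max_drop=0.5):
    """Return indices where a value falls more than max_drop below the
    median of the preceding `window` values (the trailing baseline)."""
    alerts = []
    for i in range(window, len(series)):
        baseline = median(series[i - window:i])
        # Once the baseline itself has collapsed to zero there is nothing
        # left to compare against, so the alerts stop: act on the first one.
        if baseline > 0 and series[i] < baseline * (1 - max_drop):
            alerts.append(i)
    return alerts

def combined(streams):
    """Sum all streams month by month, as a single shared account total would."""
    return [sum(vals) for vals in zip(*streams.values())]

def review(streams, window=3, max_drop=0.5):
    """Run the drop check on every stream and on the combined total."""
    report = {name: drop_alerts(vals, window, max_drop)
              for name, vals in streams.items()}
    report["combined"] = drop_alerts(combined(streams), window, max_drop)
    return report

if __name__ == "__main__":
    for name, months in review(MONTHLY).items():
        print(f"{name:9s} alert months: {months}")
```

Run against the constructed data, the combined total never triggers an alert, while the per-stream check flags the YouTube stream in the first month it stops paying.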
The Bigger Picture: Platform Risks and Creator Vulnerability
The GSM Arena case highlights a deeper issue: platforms like YouTube are massive, and their support systems aren’t always equipped to handle nuanced, high-stakes problems. Privacy laws, while important, can sometimes protect bad actors at the expense of legitimate users. And legacy systems—like MCNs—can create hidden risks that only surface when it’s too late.
Final Thoughts
As creators, we often focus on content and community, but operational security is just as important. The TechWiser hack was a wake-up call, but the GSM Arena story is a reminder that not all attacks are loud or obvious. Sometimes, the most damaging breaches are the ones you don’t notice until it’s too late.
Stay vigilant, review your setups, and don