He Built 20,000 Subscribers Over Years. A Hacker Took It in 3 Minutes.

Written By Vinton Mojdeh

He Built 20,000 Subscribers Over Years. A Hacker Took It in 3 Minutes.

How a professional-looking fake sponsorship email destroyed Andreas Wagner's YouTube channel — and what every creator needs to know right now.

Watch the Full Breakdown on YouTube:

Then come back here for the written breakdown — because what happened to Andreas Wagner is not a freak event. It's a blueprint attack that's already hit hundreds of creators, and if you use Google for anything related to your business, you need to understand exactly how it works.

Who Is Andreas Wagner?

Andreas Wagner runs Live Poker Guide — a YouTube channel he spent years building into a trusted resource for live cash poker players. 20,000+ subscribers. Weekly content. A real business. And in the span of about three minutes, it was gone.

Not deleted. Not suspended for a policy violation. Stolen.

I invited Andreas onto the channel because this story needs to be told — not just for YouTube creators, but for anyone who runs any part of their life or business through Google.

The Attack: How It Actually Happened

It started with a sponsorship email. That's it. A message from what appeared to be a legitimate tech brand asking Andreas to promote their products. He gets one or two of these per week, so nothing seemed unusual. He replied politely, expressed some skepticism about the fit, and they pushed back with "market research" about how poker players love tech.

Eventually they sent him a link to their product page. Professional design. Clean layout. Good photography. No red flags visible to the naked eye.

He clicked it.

That single click was enough. The attackers had embedded malware that harvested the authentication cookies stored in his browser. Those cookies are what tell Google "this is a trusted device." By stealing them, the hackers could impersonate Andreas's machine entirely — bypassing two-factor authentication as if it didn't exist.

Within minutes, he started receiving a flood of emails to his recovery address:

  • Password changed
  • Passkey changed
  • Recovery email changed
  • Phone number changed
  • Two-factor authentication disabled

Sixteen emails. Complete lockout. Then his channel began livestreaming a crypto scam, and YouTube shut it down.

Why Google's Recovery System Fails You

Here's where it gets truly infuriating. Google has an automated recovery process — but it's designed around the assumption that you still know your account details. When every credential has been replaced by the attacker, you can't answer a single verification question correctly. The system sends codes to the hacker's email. The hacker's phone number. And then it just loops.

Andreas walked an hour to Google's London office in desperation. He didn't get past the receptionist. The receptionist's advice? Contact customer support. Customer support's requirement? Be logged into your account. His problem? He can't log in.

The only way he eventually got traction was by creating a brand new Gmail account, engaging Google's AI support bot, and getting it escalated to a human — a process that also required help from his sponsor Coinpoker, a contact of mine in North America, and a prominent YouTuber posting in a private forum. Seven or eight parallel channels of pressure just to get a case number.

That is not a recovery system. That's a wall with a very small, hidden door that most people will never find.

What Google Should Be Doing — And Isn't

I want to be fair: Google has hundreds of millions of accounts. Staffing human support for every recovery request isn't realistic. I understand the scale problem.

But here's what is realistic: proactive communication. Google knows these attacks are happening. They know the cookie-theft vector exists. They know which channels are getting targeted. Sending creators a direct warning — explaining the specific attack pattern and what to do — costs almost nothing.

Instead, creators have to learn about it the hard way, the way Andreas did. And by then it's too late.

YouTube needs its creators. We produce the content they sell advertising against. When Andreas's channel goes dark, YouTube loses revenue too. The commercial incentive to protect creators is right there. The gap between that incentive and the current reality is baffling.

The Silver Lining: Why Your Email List Is Everything

If there's one takeaway from this conversation that I want burned into your memory, it's this: your email list is the only audience you actually own.

The day his channel went down, Andreas emailed his entire list explaining what happened. The response was overwhelming — hundreds of messages of support, encouragement, and people sharing the news. His community didn't disappear. Because his list wasn't stored in Google. It wasn't subject to Google's recovery process. It was his.

Twenty-two people unsubscribed. Thousands showed up. That ratio tells you everything.

Your YouTube channel, your Facebook page, your Instagram — those are rented land. Your email list is the only property you own outright.

Assassin Notes

  • Cookie-theft malware can bypass two-factor authentication entirely — 2FA is not a complete shield.
  • One click on a professional-looking link is all it takes. AI has made phishing pages indistinguishable from real ones.
  • Google's recovery system assumes you know your credentials — the moment an attacker changes everything, you're locked out permanently unless you have outside connections.
  • There is no Google customer support phone number. You cannot walk into a Google office and get help. The system is designed to keep you out.
  • Your email list is the only audience you truly own. Everything else is borrowed from a platform that can disappear overnight.
  • This attack is not limited to YouTube — Facebook, websites, and any Google-connected account are all vulnerable through the same vector.

How to Protect Yourself Right Now

Andreas had 2FA. He had a recovery email. He had backup credentials. None of it mattered once the cookie was stolen. So what actually helps?

  • Use a dedicated browser profile (or separate browser) exclusively for Google/YouTube. Don't mix your creator account with general browsing.
  • Never click sponsorship links in your standard browser session. If you must check a link, open it in an isolated incognito window or a throwaway browser profile.
  • Use a hardware security key (like a YubiKey) as your 2FA method — these are significantly harder to bypass than SMS or app-based codes.
  • Be suspicious of any sponsorship outreach, especially if they push back on your skepticism with "market research." Legitimate brands don't pressure you.
  • Build and protect your email list. It's your insurance policy against platform loss.

Support Andreas — And Stay Updated

Andreas is actively working to recover his channel and there are signs of progress. In the meantime, the best way to stay connected with him and support his comeback:

📬 Join his email newsletter (includes a free cheat sheet on exploiting different player types):
https://live-poker-guide.kit.com/864f278d82

📺 Watch his second channel Artigian Poker while his main channel is being recovered:
https://www.youtube.com/@ArtigianPoker/videos

Want to Sharpen Your Poker Game While You're Here?

🧩 Step 1: Find Your Leaks (FREE)

LeakHunter Diagnostics — Take the free 40-question diagnostic and get a clear picture of exactly where you're bleeding money at the live cash table.

https://audit.vintonpoker.com

🤖 Step 2: Get Instant Coaching (FREE)

Vinton Poker Coaching AI — A custom GPT trained on The Poker Delusion and The Delusion Killer Masterclass. Ask it anything about your game.

https://VintonPoker.com/aicoach

#Poker #LivePoker #YouTubeHacked #CyberSecurity #ContentCreator #PhishingScam #PokerStrategy #EmailList #VintonPoker

Vinton Mojdeh
Next

Variance Didn’t Rob You—This Did ($320/Session)