Sure, customer reps shouldn’t help with account recovery unless they get proper verification. I’m sure many companies have learned from past mistakes. I think that’s the only way to solve it. I’m not sure though if this is what has happened here… These crypto people seem to have hacked many accounts last year.
Adam Koralik talks a bit fast and some details aren’t clear to me. For example if he got recovery mails and sms from his own actions or if this was the scammer. Also I’m not sure how 2fa works with YouTube. I certainly hope changing the account password makes it ask for the second factor or it’s next to useless. If this is the case he must have gotten phished or there is another unknown security issue in the process. Or his password didn’t get changed in the first place. But that also can’t be it since he clearly tells he got the notification mails for a password change and changed recovery methods.