Some social media trends have real consequences. This one cost New York City $17 million.

It seems like every week, general-interest news outlets that aren’t very familiar with our industry pick up sensationalist stories about the latest dangerous trend that’s absorbing the attention spans of The Youths. The purpose of these articles is usually to warn parents, so they get their kids to spend less unsupervised time on TikTok (a sentiment we don’t disagree with).

In some cases, the ‘trend’ is just one or two kids doing something dumb and posting it online, and no one else copies them.

In other cases, though, the consequences are real and life-altering. A Southern California 13-year-old died earlier this year after attempting something similar to the “blackout challenge.” The parents of four children who also died attempting it in 2022 are currently suing TikTok. A New York City judge just ruled that a mother whose son died subway surfing in 2023 can proceed with her lawsuits against ByteDance and Meta. She alleges they targeted her son with content that encouraged subway surfing, and ultimately caused his death.

Now trends causing a new kind of harm are surfacing with increasing frequency.

We say ‘new’ harm, but aside from bodily, it’s perhaps the oldest kind of harm out there: financial.

Earlier this month, someone somehow discovered a flaw in New York City’s Summer Youth Employment Program, aka SYEP. The program works with ~70 community-based organizations around the city, and helps place youth ages 16-24 in six-week work positions where they’re paid $16.50 an hour.

Those wages are paid directly by the city of New York. Participants who can’t get their money via direct deposit are instead issued SYEP-specific payment cards they can take to an ATM, which will then dispense their week’s earnings.

Except when it doesn’t. From July 11 to 13, a flaw in the system allowed SYEP cards to access not just a week’s earnings, but limitless amounts of cash from an account presumably operated by New York City itself.

The New York Times reports SYEP cards were able to withdraw massive lump sums up to $40,000. And, since there are around ~30,000 SYEP cards in circulation, that was 30,000 potential oversized withdrawals.

Word of the flaw spread fast on TikTok and Instagram. “We’re making bread, we’re printing money right now,” a man said in one video. “If you work SYEP, hit me up.”

At the end of the three days, $17 million had been taken, law enforcement officials told the Times.

A spokesman for NYC’s Department of Youth and Community Development suggested SYEP employees themselves weren’t directly responsible for most of the theft. Instead, the department believes it was committed by people like the man in the TikTok video telling SYEP kids to “hit me up”–more willing and/or seasoned fraudsters who sought possession of SYEP cards and then used them to make large withdrawals. Officials said some SYEP participants sold their cards for as much as $1K.

“We are deeply disturbed by scammers preying on our participants just as they started their work assignments to support themselves and their families,” Mark Zustovich, the spokesman, said.

If this situation is ringing a bell for you, that’s because another blitz ATM fraud took off on TikTok last August. Described by proponents as an “infinite money glitch,” it was a similar situation, where ATM users could exploit a glitch in JP Morgan Chase‘s system and tell it to hand over tens of thousands of dollars. They did this by writing a fake check, cashing it, and then bypassing the usual safeguards to withdraw the entire amount on the check, instead of the small portion that typically becomes available before the check clears.

Some people who successfully pulled this off posted self-congratulatory videos on TikTok and Instagram, throwing money and boasting about free cash. They either didn’t know or didn’t care that they’d just committed a serious crime.

Now, a year later, JP Morgan Chase is suing the people who exploited that glitch.

And that lawsuit is probably a glimpse at what some of the people who stole $17 million from SYEP have coming. We’re guessing the more experienced thieves bought SYEP cards for cheap without giving their names, covered their faces at the ATMs, ditched the cards, and will never be found. But since SYEP cards are hard-coded to individual program participants, NYC will know who exploited the glitch (or allowed someone else to exploit it with their card).

Officials didn’t say what the plan is, but did confirm there’s an ongoing investigation. Participants whose cards were used in the fraud are likely not in for a great time, whether that means being blacklisted from the country’s largest summer youth employment program–or ending up in court.