Over $1 million has been siphoned from unsuspecting crypto users through malicious smart contracts posing as MEV trading bots, according to a new report by SentinelLABS.
The campaign leveraged AI-generated YouTube videos, aged accounts, and obfuscated Solidity code to bypass basic user scrutiny and gain access to crypto wallets.
Scammers appeared to be using AI-generated avatars and voices to reduce production costs and scale up video content.
These tutorials are published on aged YouTube accounts populated with unrelated content and manipulated comment sections to give the illusion of credibility. In some cases, the videos are unlisted and likely distributed via Telegram or DMs.
At the center of the scam was a smart contract promoted as a profitable arbitrage bot. Victims were instructed via YouTube tutorials to deploy the contract using Remix, fund it with ETH, and call a “Start()” function.
In reality, however, the contract routed funds to a concealed, attacker-controlled wallet, using techniques such as XOR obfuscation (which hides data by scrambling it with another value) and large decimal-to-hex conversions (which convert large numbers into wallet-readable address formats) to mask the destination address (which makes fund recovery trickier).
The most successful identified address — 0x8725...6831 — pulled in 244.9 ETH ( approximately $902,000) via deposits from unsuspecting deployers. That wallet was linked to a video tutorial posted by the account @Jazz_Braze, still live on YouTube with over 387,000 views.
“Each contract sets the victim’s wallet and a hidden attacker EOA as co-owners,” SentinelLABS researchers noted. “Even if the victim doesn’t activate the main function, fallback mechanisms allow the attacker to withdraw deposited funds.”
As such, the scam’s success has been broad but uneven. While most attacker wallets netted four to five figures, only one (tied to Jazz_Braze) cleared over $900K in value. Funds were later moved in bulk to secondary addresses, likely to further fragment traceability.
Meanwhile, SentinelLABS warns users to avoid deploying “free bots” advertised on social media, especially those involving manual smart contract deployment. The firm emphasized that even code deployed in testnets should be reviewed thoroughly, as similar tactics can easily migrate across chains.
Read more: Multisig Failures Dominate as $3.1B Is Lost in Web3 Hacks in the First Half
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
