Over $1 Million Lost in Crypto Scam Involving Malicious Trading Bots
Over $1 million has been stolen from crypto users through fraudulent smart contracts masquerading as MEV trading bots, according to SentinelLABS. Key details include:
- The campaign utilized AI-generated YouTube videos and aged accounts to mislead users.
- Scammers employed AI avatars and voices to create low-cost video content.
- Tutorials were hosted on aged accounts with unrelated content, using manipulated comments for credibility.
- Victims were directed to deploy a smart contract via Remix, funding it with ETH and calling a “Start()” function.
- The actual contract directed funds to an attacker-controlled wallet, employing obfuscation techniques to conceal the destination address.
- One address, 0x8725...6831, received 244.9 ETH (about $902,000) from victims, linked to a tutorial by @Jazz_Braze, which remains live with over 387,000 views.
- The scam's design allowed attackers to withdraw funds even if victims did not activate the main function.
- Most attacker wallets earned four to five figures; however, one account amassed over $900K. Funds were subsequently moved to secondary addresses to complicate tracing.
- SentinelLABS advises against deploying free bots from social media, highlighting the need for thorough code reviews, even in testnets.