• Scam videos on YouTube led to the theft of over 256 ETH via hidden smart contracts.

• Victims are tricked into funding contracts with at least 0.5 ETH for fake bots.

• Smart contracts use obfuscation methods to hide the attacker’s wallet address.

• One scam account stole 244.9 ETH, making it the most successful in the campaign.

Cybersecurity firm SentinelLABS has uncovered a scam that used old YouTube accounts to promote fake crypto trading bots. These bots, disguised as helpful tools, are in fact malicious smart contracts designed to drain users’ crypto wallets. The campaign has led to the theft of more than 256 ETH, which is valued at around $939,000.

The scam has been running since at least early 2024 and is ongoing. It uses aged YouTube channels that previously posted cryptocurrency news or unrelated pop culture content to appear trustworthy. Many of the videos were AI-generated, featuring robotic voiceovers and unnatural facial movements.

Alex Delamottea, senior threat researcher at SentinelLABS, said,

“Several videos appear to be AI-generated based on audio and visual tells.”

Crypto Bot Scam Relies on Users Deploying Malicious Smart Contracts

Victims are misled by YouTube videos that provide step-by-step instructions on deploying what is claimed to be an arbitrage or MEV trading bot. The code, shared via external links, is a malicious smart contract written in Solidity. Once deployed, it gives the attacker access to funds deposited by the victim.

To activate the bot, the user is asked to send at least 0.5 ETH to the deployed contract. The videos falsely claim the ETH will cover gas fees and allow the bot to start trading. In reality, the attacker’s wallet address is already embedded in the contract, though hidden using advanced obfuscation techniques.

These include methods like XOR operations, string concatenation, and decimal-to-hex conversion to hide the attacker’s Ethereum address. One commonly used wallet address found in multiple contracts was 0x872528989c4D20349D0dB3Ca06751d83DC86D831.

Controlled Comments and AI Videos Increase Scam Credibility

The scammers maintain a convincing presence by managing YouTube comments to delete any negative or suspicious remarks. Testimonials in the comments falsely claim profits made from using the bot. SentinelLABS noted that more knowledgeable users turned to Reddit and other platforms for information.

---

---

Videos show high engagement metrics and often have professional thumbnails. Some videos are unlisted and shared via platforms like Telegram. One particularly successful video titled “How to Create Passive Income MEV Bot on Ethereum Full Tutorial” was posted by user @Jazz_Braze and has gained over 387,000 views.

This account showed no signs of AI usage in its main video, which helped it avoid suspicion. The narrator appeared more human, with natural movements and consistent facial reflections, leading to better credibility.

Attackers Gained Over $900K From Multiple Wallets

SentinelLABS found that the scams used multiple smart contracts and wallets, with varying amounts of stolen ETH. One wallet alone received 244.9 ETH, while others had 7.59 ETH and 4.19 ETH respectively. These wallets were used in separate contracts and campaigns, indicating either multiple scammers or one actor using various identities.

“The scams have had varying degrees of success,” Delamottea reported, adding that the complexity of the contracts helped avoid detection.

Many of the YouTube accounts used were likely bought through platforms such as Telegram, where aged YouTube channels are sold openly. These accounts were preloaded with playlists and content to build legitimacy over time.