The Fake Crypto Bot Scam: How Smart Contracts & AI Videos Are Stealing Millions on YouTube
Ddos 
SentinelLABS has detailed a coordinated wave of cryptocurrency scams weaponizing malicious smart contracts promoted as arbitrage trading bots — all orchestrated through aged YouTube accounts and AI-generated tutorial videos.
These scams have siphoned off hundreds of thousands of dollars in Ethereum from unsuspecting users who were tricked into deploying weaponized smart contracts, often believing they were gaining access to Maximal Extractable Value (MEV) bots.
The campaign thrives on illusion and obfuscation. Actors utilize aged YouTube accounts that masquerade as crypto education channels. These accounts post off-topic playlists and curated content to boost credibility.
“The actors are likely managing the YouTube comment section to delete any negative comments, with more savvy users turning to platforms like Reddit for additional context on the bot,” SentinelLABS explains.
Scam videos claim to teach viewers how to deploy profitable crypto trading bots using Remix IDE and Solidity smart contracts — but the linked contracts are weaponized to steal funds.
Some videos are AI-generated, complete with robotic narration, awkward lip-syncing, and twitchy eye movements. One user, @SolidityTutorials, published such a tutorial titled “A Step-by-Step Guide to Building an Ethereum Uniswap Sniper Bot”.
Another, @Jazz_Braze, used a more human-like approach in a video titled “How to Create Passive Income MEV Bot on Ethereum”, which turned out to be the most successful of the campaigns, netting over 244.9 ETH (~$902,000 USD).
Each smart contract contains obfuscated attacker wallet addresses using techniques such as:
- XOR encoding
- String concatenation
- Decimal-to-hex conversions
“The XOR method is the most complex… used across multiple weaponized Solidity contracts that result in the same calculated attacker EOA: 0x872528989c4D20349D0dB3Ca06751d83DC86D831,” the report notes.
Upon deployment, the contract sets two owners: the victim and the attacker. Even if the victim doesn’t activate the bot via a Start() call, a failover function ensures the attacker can still withdraw any deposited ETH.
The contracts require a minimum deposit of 0.5 ETH, supposedly to cover gas fees and ensure profitable arbitrage — but in reality, it’s just bait.
SentinelLABS tracked multiple Externally Owned Accounts (EOAs) tied to the scams. The largest takedown, linked to @Jazz_Braze, funneled the funds through a network of 20+ addresses, each receiving portions of the stolen ETH in bulk moves.
Other EOAs, like those referenced in @SolidityTutorials and @todd_tutorials, received 4.19 ETH ($15K) and 7.59 ETH ($28K), respectively.
“Each scam we analyzed made several thousand dollars (US) in profit… the wallet associated with the Jazz_Braze scam collected over $900,000 US,” the report concludes.
Related Posts:
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
