August 15, 2025
11 11 11 AM
Latest Post
Asia Morning Briefing: ETH’s Bullrun Meets Early Signs of Selling Pressure US Treasury’s Scott Bessent backpedals: Bitcoin buying still possible Scott Bessent Suggests Government Bitcoin Purchases Remain a Possibility Wall Street Joins Consumer Advocates to Call for Edit to GENIUS Act on Stablecoins U.S. Blacklists Crypto Network Behind Ruble-Backed Stablecoin and Shuttered Exchange Garantex Polygon’s POL Falls 6% As Inflation Shock Triggers Heavy Selling Jack Dorsey’s Block targets 10-year lifecycle for Bitcoin mining rigs Crypto Slide Spurs $1B Leverage Flush, But It’s a Healthy Pullback, Analysts Say NEAR Protocol Faces Heavy Institutional Selling, Recovers Slightly Amid Ongoing Volatility ATOM Faces Sharp Decline Amid High-Volume Selloff

Weaponized Trading Bots Drain $1M From Crypto Users via AI-Generated YouTube Scam

Over $1 million has been siphoned from unsuspecting crypto users through malicious smart contracts posing as MEV trading bots, according to a new report by SentinelLABS.

The campaign leveraged AI-generated YouTube videos, aged accounts, and obfuscated Solidity code to bypass basic user scrutiny and gain access to crypto wallets.

Scammers appeared to be using AI-generated avatars and voices to reduce production costs and scale up video content.

These tutorials are published on aged YouTube accounts populated with unrelated content and manipulated comment sections to give the illusion of credibility. In some cases, the videos are unlisted and likely distributed via Telegram or DMs.

At the center of the scam was a smart contract promoted as a profitable arbitrage bot. Victims were instructed via YouTube tutorials to deploy the contract using Remix, fund it with ETH, and call a “Start()” function.

In reality, however, the contract routed funds to a concealed, attacker-controlled wallet, using techniques such as XOR obfuscation (which hides data by scrambling it with another value) and large decimal-to-hex conversions (which convert large numbers into wallet-readable address formats) to mask the destination address (which makes fund recovery trickier).

The most successful identified address — 0x8725…6831 — pulled in 244.9 ETH ( approximately $902,000) via deposits from unsuspecting deployers. That wallet was linked to a video tutorial posted by the account @Jazz_Braze, still live on YouTube with over 387,000 views.

“Each contract sets the victim’s wallet and a hidden attacker EOA as co-owners,” SentinelLABS researchers noted. “Even if the victim doesn’t activate the main function, fallback mechanisms allow the attacker to withdraw deposited funds.”

As such, the scam’s success has been broad but uneven. While most attacker wallets netted four to five figures, only one (tied to Jazz_Braze) cleared over $900K in value. Funds were later moved in bulk to secondary addresses, likely to further fragment traceability.

Meanwhile, SentinelLABS warns users to avoid deploying “free bots” advertised on social media, especially those involving manual smart contract deployment. The firm emphasized that even code deployed in testnets should be reviewed thoroughly, as similar tactics can easily migrate across chains.

Read more: Multisig Failures Dominate as $3.1B Is Lost in Web3 Hacks in the First Half

This post was originally published on this site

Please enter Coingecko Free Api Key to get this plugin works