Over $ 1 million has been sifoned from unsuspecting crypto trucks through malicious smart contracts that make up as MEV trade with bots, according to a new report from Sentinellabs.
The Geared AI-Geared YouTube videos, age accounts and veiled solidity code to bypass the basic user survey and access crypto drawing books.
Scammers seemed to use AI-generated avatars and votes to reduce production costs and scale up video content.
These tutorials are published on the age of YouTube accounts populated with non -related content and manipulated comment sections to give the illusion of credibility. In some cases, the videos are unleashed and are probably distributed via telegram or DMs.
In the middle of the scam was a smart contract that was promoted as a profitable arbitrage bot. Victims were directed via YouTube tutorials to implement the contract using Remix, finance it with ETH and call a “start ()” feature.
In fact, however, the contract directed funds for a hidden, attacking-controlled wallet using techniques such as Xor connection (which hides data by encrypting it with a different value) and large decimal-to-hex conversions (which convert large numbers to wallet-reading address formats) to mask the destination address (which makes fonde recovery).
The most successful identified address – 0x8725 … 6831 – drawn in 244.9 ETH (about $ 902,000) via deposits from unsuspecting installs. This wallet was attached to a video tutorial submitted by the account @Jazz_brazeStill live on YouTube with over 387,000 views.
“Each contract sets the victim’s wallet and a hidden striker EOA as co -owners,” Sentinellab’s researchers noted. “Even if the victim does not activate the main function, fall backback mechanisms allow the attacker to withdraw deposited funds.”
As such, the success of the scam has been broad but uneven. While most attacks the wallets the net four to five figures, it was only one (tied to Jazz_braze) Cleared over $ 900K in value. Funds were later moved in bulk to secondary addresses, probably additional fragment trackability.
Meanwhile, Sentinellab’s users warn to avoid implementing “free bots” advertised on social media, especially those involving manual smart contract installation. The company emphasized that even code implemented in test nets must be thoroughly reviewed as similar tactics can easily migrate over chains.
Read more: Multisig -Fiaskos dominate as $ 3.1B is lost in web3 hacks in the first half
