Paul Johnson đź“Ť TL;DR:
1. Scammers stole $1M+ in ETH using fake MEV bots promoted via AI-generated YouTube tutorials.
2. Victims deployed contracts that secretly funneled funds to attacker wallets.
3. The campaign relied on manipulated comment sections, aged accounts, and obfuscated Solidity code.
4. One wallet alone earned $902K.
5. Do not deploy free bots from social media. Ever.
In a latest development of crypto’s dark side, scammers turned to AI-generated YouTube content and weaponized smart contracts to orchestrate a sophisticated fraud campaign—one that’s already drained over $1 million in ETH from unsuspecting users.
According to a blistering report from SentinelLABS, the scam hinges on deceptive MEV (Maximal Extractable Value) trading bots, which are nothing more than cleverly disguised smart contracts coded to steal. The ruse? Crypto newcomers are duped into deploying these contracts themselves – under the illusion of unlocking risk-free arbitrage profits.
But here’s the twist: the attackers aren’t just pushing dodgy code. They’ve gone full Hollywood—with AI-generated avatars and deepfake voices, cutting production costs while rapidly flooding YouTube with slick, “trustworthy” tutorials. These fake personalities walk viewers through how to deploy what appears to be a lucrative bot using Remix IDE and a tempting little “Start()” function.
What users don’t realize is that this authentic-looking function is a trapdoor.
The YouTube Hustle
These malicious tutorials are posted via aged YouTube accounts, stuffed with unrelated content to seem legitimate. Some videos are unlisted – circulated privately through Telegram groups and DMs – adding an illusion of exclusivity to the scheme. And the comment sections? Heavily manipulated, filled with fake praise and fake testimonials.
One standout tutorial, posted by the now-notorious @Jazz_Braze, racked up 387,000+ views and was linked directly to a wallet address (0x8725…6831) that has hoovered up 244.9 ETH—worth roughly $902,000.
Obfuscation 101: Hide, Trick, Steal
The true genius—or malevolence—lies in the code. SentinelLABS identified clever obfuscation techniques, including XOR scrambling, decimal-to-hex conversions, and fallback functions that silently drain wallets even when users don’t explicitly call the main function. Victims unknowingly set both themselves and an attacker’s wallet as co-owners of the contract.
Once the ETH is in, the contract automatically routes the funds to hidden addresses. Some funds are then moved in bulk to secondary wallets, fragmenting the trail and making it harder to trace or recover.
The Red Flags Are Clear
SentinelLABS issued a stark warning:
“Avoid deploying free bots advertised on social media. Even code used in testnets must be reviewed thoroughly—because tactics like these are portable and can leap across chains.”
The message is crystal: if it sounds too good to be true, it probably involves XOR obfuscation and an empty wallet.
Protect Yourself, Stay Skeptical
This isn’t just a cautionary tale—it’s a wake-up call. The convergence of AI-generated trust signals, user-deployed smart contracts, and cheap but convincing video content marks a dangerous evolution in crypto scams.
Before you deploy a bot, ask yourself: who wrote the code? Why is it free? And why does “Jazz Braze” sound like a crypto jazz band from 2087?
Crypto doesn’t forgive, and code doesn’t forget. Verify, don’t trust.
Stay vigilant. Stay decentralized.
