Cybersecurity company Sentinellabs has discovered a sophisticated fraud campaign that has siphoned over $900,000 from unsuspecting crypto users.
The report says attackers are using malicious Ethereum-based smart contracts pose as trading bots to target individuals who follow seemingly educational content on YouTube.
The report added that these scams have been active since early 2024 and are constantly evolving through new videos and accounts.
How fraud works
The fraud scheme revolves around YouTube videos that provide tutorials on deploying automated trading bots, particularly the largest extractable value (MEV) bots.
These videos instruct viewers to download smart contract codes from external links. Once deployed, the contract is programmed to drain funds directly from the user’s wallet.
Scammers will invest in YouTube aging and become trustworthy, providing off-topic or seemingly legal crypto-related content. This strategy helps to increase visibility while building illusions of trust.
AI-generated video
A notable tactic in this campaign is the use of AI-generated videos. According to the company, many of the tutorial clips feature a synthetic voice and face with robot tones, unnatural cadence and stiff facial movements.
This approach allows perpetrators to quickly generate fraudulent content without hiring real actors, significantly reducing operational costs.
However, the most profitable video revealed by Sentinellabs, which handles emissions of over $900,000, would have been created by a real person rather than an AI avatar. This suggests that automation improves scalability, but that human-generated content may still promote higher conversion rates.
Meanwhile, Sentinellabs discovered multiple iterations of weaponized contracts. Each uses a variety of obfuscation techniques to hide externally owned accounts (EOAs) controlled by attackers.
While some contracts shared a common wallet address, many others use different destinations, making it difficult to determine whether the campaign is a single entity job or multiple threat actors.
With this in mind, Sentinellabs warned that blending of Web3 tools, social engineering, and generator AI will bring about a threatening landscape.
The company has urged crypto users to validate all external code sources and remain skeptical of trading bots that are too good, although advertised through regular YouTube tutorials.
