Fake Ethereum trading bots on YouTube help scammers steal over $900K

Cybersecurity firm SentinelLABS has uncovered a sophisticated scam campaign that has siphoned over $900,000 from unsuspecting crypto users.

According to the report, the attackers use malicious Ethereum-based smart contracts disguised as trading bots to target individuals who follow seemingly educational content on YouTube.

The report added that these scams have been active since early 2024 and constantly evolve through new videos and accounts.

How the scam works

The fraudulent scheme revolves around YouTube videos that offer tutorials on deploying automated trading bots, specifically Maximal Extractable Value (MEV) bots, through the Remix Solidity Compiler, a popular web-based IDE for smart contract development.

These videos direct viewers to download smart contract code from external links. Once deployed, the contracts are programmed to drain funds directly from the user’s wallet.

The scammers invest in aging YouTube accounts to appear credible, populating them with off-topic or seemingly legitimate crypto-related content. This strategy helps boost visibility while building the illusion of trust.

AI-generated videos

A notable tactic in this campaign is the use of AI-generated videos. According to the firm, many of the tutorial clips feature synthetic voices and faces with robotic tones, unnatural cadence, and stiff facial movements.

This approach allows the perpetrators to rapidly produce scam content without hiring real actors, significantly reducing operational costs.

However, the most lucrative video uncovered by SentinelLABS—responsible for draining over $900,000—appears to have been created by a real person, not an AI avatar. This suggests that while automation enhances scalability, human-generated content may still drive higher conversion rates.

Meanwhile, SentinelLABS also found multiple iterations of the weaponized contracts, each using varying obfuscation techniques to hide attacker-controlled Externally Owned Accounts (EOAs).

While some contracts shared a common wallet address, many others used distinct destinations, making it difficult to determine whether the campaign is the work of a single entity or multiple threat actors.

Considering this, SentinelLABS warned that blending Web3 tools, social engineering, and generative AI presents a growing threat landscape.

The firm urged crypto users to verify all external code sources and remain skeptical of too-good-to-be-true trading bots—especially those promoted via unvetted YouTube tutorials