The Daily Star Lebanon Breaking News, Lebanon News, Middle East News & World News
A sophisticated scheme targeting crypto enthusiasts has been uncovered, in which attackers are exploiting old YouTube accounts to promote fake trading bots that secretly install malicious smart contracts. These contracts, once deployed by unsuspecting users, allow the scammers to steal their crypto holdings directly.
How the Scam Unfolds
According to cybersecurity experts at SentinelLABS, the operation starts with seemingly helpful YouTube tutorials that guide users through launching profitable crypto trading bots. These step-by-step videos, often generated using AI voices and avatars, link viewers to external websites offering ready-made smart contract code.
The supposed purpose of this code is to deploy bots capable of arbitrage or extracting MEV (Maximal Extractable Value) from crypto markets. Victims are instructed to use Remix, a popular Ethereum-based development platform, to publish the code themselves — believing they’re activating bots that will generate high returns.
But in reality, the contracts are laced with hidden logic designed to funnel funds to the attacker’s wallet. The deception is deepened by technical tricks used to obscure this address: obfuscation methods like XOR encoding, string slicing, and hexadecimal conversions are embedded to avoid detection.
Once a user deploys the contract and adds ETH to fund it—typically a minimum of 0.5 ETH—the malicious logic kicks in. Some contracts are so cleverly built that the attacker can extract funds even if the user never interacts with the bot again, using silent fallback mechanisms hard-coded into the system.
Significant Financial Losses Uncovered
SentinelLABS traced the flow of stolen crypto across several wallets and discovered that some scammers are earning enormous sums. One of the largest wallets, linked to a YouTube user named “@Jazz_Braze,” had received nearly 245 ETH—worth more than $900,000—through this method.
The funds were tracked moving through over two dozen secondary wallets, suggesting efforts to obscure the origins and final destination, likely as part of laundering operations.
While some scammer wallets yielded smaller amounts, many still held tens of thousands of dollars in ETH, indicating a wide and effective reach. All the associated YouTube videos had one thing in common: tightly controlled comment sections and staged testimonials designed to build false credibility and suppress criticism.
Manipulating Trust Through Aged Accounts
One of the techniques fueling the success of these scams is the use of aged YouTube accounts. Many of the channels involved previously hosted unrelated content, including crypto news or general pop culture videos, giving them the appearance of legitimacy.
Investigators believe some of these accounts were purchased through Telegram groups or online marketplaces that specialize in selling aged digital assets. The older the account, the more likely it is to gain viewer trust and higher placement in YouTube’s algorithms—making it easier to attract victims.
Real vs. Fake Trading Bots: A Cautionary Divide
Legitimate crypto trading bots do exist and are used widely across exchanges to automate trading strategies. These bots can execute trades faster than humans, capitalizing on small market inefficiencies in real time. With advancements in AI, many of these systems have become even more powerful, offering high-frequency capabilities once reserved for institutions.
A specific subset, known as MEV bots, target transaction sequencing opportunities on blockchain networks. By monitoring pending transactions, they can strategically jump the queue to extract extra value. While this practice is controversial, it’s technically legal.
However, just like in this scam, such bot technology can be exploited for malicious gain. One past example is the “arsc” bot, which extracted millions of dollars from Solana traders using sandwich attacks—placing orders before and after a victim’s transaction to profit from the price impact.
SentinelLABS: “Don’t Trust Code From Influencer Videos”
Cybersecurity analyst Alex Delamotte from SentinelLABS issued a clear warning to crypto users: avoid any code or tools promoted through unverified social media content.
“There’s no shortcut to success in crypto,” Delamotte emphasized. “When something promises guaranteed returns with minimal effort—especially from a video—it’s most likely a trap.”
As the crypto space continues to evolve, so do the methods used to exploit newcomers. The case reinforces the need for extreme caution when handling smart contracts, especially when sourced from platforms more commonly used for entertainment than engineering.
