Ethereum News Today: Malicious crypto bots steal $900k via aged YouTube accounts

Generated by AI AgentCoin World
Thursday, Aug 7, 2025 4:38 am ET1min read
Aime RobotAime Summary

- Malicious actors used aged YouTube accounts to distribute crypto bots, stealing over $900,000 via deceptive smart contracts.

- AI-generated videos mimic tutorials, guiding users to deploy obfuscated contracts hiding attacker addresses through XOR and hex techniques.

- The @Jazz_Braze account received 244.9 ETH ($900,000+), with funds laundered through multiple secondary wallets.

- Experts warn users to avoid unvetted smart contracts promoted on social media, as obfuscation makes scams hard to detect until funds are drained.

A network of malicious actors has exploited aged YouTube accounts to distribute crypto trading bots that have siphoned over $900,000 in stolen Ether through deceptive smart contracts. According to SentinelLABS, these scams operate by leveraging AI-generated video content to mimic legitimate tutorials on deploying arbitrage or MEV (Maximal Extractable Value) bots. The videos guide users to external websites where they are instructed to deploy obfuscated smart contracts, often using platforms like Remix, an Ethereum development environment[1].

The smart contracts, however, conceal attacker-controlled addresses. SentinelLABS found that these contracts employ obfuscation techniques such as XOR operations, string concatenation, and hexadecimal conversions to hide the scammers' wallet addresses. Once deployed and funded—typically with at least 0.5 ETH—the hidden mechanisms in the code allow the attackers to drain the funds[1].

One of the most significant cases identified by SentinelLABS involves a YouTube account named “@Jazz_Braze,” which was linked to a wallet that received 244.9 ETH, valued at over $900,000. The stolen funds were then moved through multiple secondary addresses in what appears to be a laundering process. Other scammer-controlled wallets received smaller amounts, averaging over $10,000 in ETH[1].

The accounts used in the scheme were aged and previously hosted content related to cryptocurrency or pop culture, making them appear legitimate. SentinelLABS believes these accounts were purchased from online marketplaces, often promoted through Telegram groups or indexed on search-engine-based platforms[1].

The scam leverages the growing popularity of crypto trading bots—automated tools that execute trades based on algorithmic strategies. While such bots can be legitimate and useful in high-frequency trading, this case demonstrates how they can be weaponized by bad actors to deceive users into deploying malicious smart contracts.

Alex Delamottea, a senior threat researcher at SentinelLABS, emphasized the risks of using unvetted tools promoted on social media. He noted that victims are often lured by promises of high returns and are told to deploy smart contracts to “activate” the bots. The scam is particularly effective because the obfuscation techniques used make it difficult for victims to detect the malicious intent until it is too late[1].

The report serves as a cautionary reminder for crypto traders to exercise extreme caution when interacting with smart contracts or trading bots, particularly those promoted through social media or influencer content. Delamottea advised users to avoid deploying any code that is not thoroughly vetted and to be wary of offers that appear too good to be true[1].

Source: [1] Malicious crypto trading bots siphon over $900k via aged YouTube accounts (https://coinmarketcap.com/community/articles/689462d1507aff34f6dedf79/)

Comments



Add a public comment...
No comments

No comments yet