According to Foresight News, a recent report by SentinelLABS reveals that over $1 million has been stolen from cryptocurrency users through malicious smart contracts disguised as MEV trading bots. The fraudulent activity employs AI-generated YouTube videos, old accounts, and obfuscated Solidity code to bypass basic user scrutiny and gain access to crypto wallets.
The scam centers around a smart contract marketed as a profitable arbitrage bot. Victims are directed through YouTube tutorials to deploy the contract using Remix, fund it with ETH, and invoke the 'Start()' function. However, the contract reroutes funds to a concealed wallet controlled by the attacker, using techniques such as XOR obfuscation and large decimal-to-hexadecimal conversions to mask the target address, making fund recovery more challenging.
SentinelLABS advises users to avoid deploying 'free bots' promoted on social media, particularly those involving manual smart contract deployment. The company stresses that even code deployed on testnets should undergo thorough review, as similar strategies can easily migrate across chains.
