A network of crypto scammers is leveraging aged YouTube accounts to push trading bots that lure users into deploying malicious smart contracts capable of draining their wallets.
Sounding the alarm on this “widespread and ongoing” threat, senior threat researcher Alex Delamottea from SentinelLABS warned that crypto users who rely on unvetted tools promoted through video content are exposing themselves to sophisticated theft scams disguised as opportunity.
According to SentinelLABS, the scam begins with YouTube videos that appear to offer step-by-step tutorials on deploying profitable crypto trading bots. These videos, often produced using AI-generated visuals and narration, direct users to an external site containing smart contract code.
Viewers are told to deploy the code on platforms like Remix, a popular Ethereum development environment, under the pretense of activating a so-called arbitrage or MEV (Maximal Extractable Value) bot.
However, the contract is deliberately designed to conceal an attacker-controlled wallet. In many cases, the code was found to be using various obfuscation techniques, such as XOR operations, string concatenation, or address derivation through hexadecimal conversion, to hide the scammer’s address from plain view.
Once the victim deploys the contract and funds it with Ether, the attacker can extract those funds using hidden failover mechanisms embedded in the contract logic.
SentinelLABS found that victims are encouraged to deposit a minimum of 0.5 ETH to cover supposed gas fees and increase potential profits. This initial deposit is critical to triggering the contract’s logic, which, once executed, allows the attacker’s address to siphon off the funds.
In some cases, even if users don’t explicitly activate the contract, built-in fallback mechanisms still allow the attacker to gain control of the assets.
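To make the obfuscation described above concrete from a reviewer's side, the following added example (not code from the SentinelLABS report or from any contract in the campaign) scans Solidity source for two of the named patterns, XOR of hex constants and string concatenation, and recovers the address they conceal. The sample contract, the function name `recover_hidden_addresses` and all constants are constructed for illustration.

```python
import re

# Constructed sample, not taken from any real contract: a payout address hidden
# two ways so that it never appears as a plain literal in the source.
SAMPLE = '''
contract Bot {
    // (1) XOR of two wide constants, truncated to 160 bits
    address private owner_ = address(uint160(0x%s ^ 0x%s));
    // (2) address assembled from string fragments and parsed at runtime
    string private cfg = string.concat("0x%s", "%s", "%s");
}
''' % ("c" * 24 + "a" * 40, "c" * 24 + "b" * 40, "2" * 10, "2" * 10, "2" * 20)

HEX = r"0x([0-9a-fA-F]{40,64})"
XOR_EXPR = re.compile(HEX + r"\s*\^\s*" + HEX)
# Two or more quoted fragments separated by ',' or '+'
STRING_RUN = re.compile(r'"[^"\n]*"(?:\s*[,+]\s*"[^"\n]*")+')
QUOTED = re.compile(r'"([^"\n]*)"')
ADDRESS = re.compile(r"0x[0-9a-fA-F]{40}")
MASK160 = (1 << 160) - 1  # an Ethereum address is the low 160 bits

def recover_hidden_addresses(source):
    """Return sorted (technique, address) pairs that the source derives
    at runtime instead of writing out literally."""
    found = set()
    # Pattern 1: constant ^ constant, evaluated the way the EVM would
    for left, right in XOR_EXPR.findall(source):
        value = (int(left, 16) ^ int(right, 16)) & MASK160
        found.add(("xor", "0x%040x" % value))
    # Pattern 2: fragments that only form an address once joined
    for run in STRING_RUN.finditer(source):
        joined = "".join(QUOTED.findall(run.group(0)))
        if ADDRESS.fullmatch(joined):
            found.add(("concat", joined.lower()))
    return sorted(found)

if __name__ == "__main__":
    for technique, address in recover_hidden_addresses(SAMPLE):
        print(technique, address)
```

Any address this returns deserves the same scrutiny as a hard-coded recipient. An empty result does not show a contract is safe, since only these two patterns are covered.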
Delamottea’s investigation revealed multiple unique scammer-controlled addresses, though one wallet stood out. The address associated with the YouTube user “@Jazz_Braze” received 244.9 ETH—worth over $900,000—via these contracts.
SentinelLABS traced the movement of these stolen funds across more than two dozen secondary addresses, concluding that the funds were being laundered.
Meanwhile, other scammer wallets were less successful but still notable, with inflows averaging over $10,000 in ETH.
All these wallets were tied to different YouTube videos or channels, many of which featured AI-generated narrators and heavily moderated comment sections that filtered out negative feedback while promoting fabricated testimonials of success.
SentinelLABS also noted that the YouTube accounts used in the scam were aged and previously hosted playlists or videos related to cryptocurrency or pop culture.
According to the report, some of these accounts were possibly bought from online marketplaces, where aged YouTube channels are commonly sold through Telegram groups or search-indexed marketplaces.
This aging tactic helps boost visibility and trust, making it harder for viewers to identify the malicious intent in most cases.
In legitimate settings, trading bots are algorithmic tools that execute buy or sell orders based on preset strategies. They can often operate across multiple exchanges to take advantage of price inefficiencies or market trends, typically aiming to execute trades faster than a human could.
With the advent of artificial intelligence, these applications have become more adaptive, efficient, and capable of executing complex strategies at scale. When properly built and vetted, they serve as automation tools for sophisticated traders and institutions, especially in high-frequency environments like crypto.
One well-known category of these tools includes MEV bots, which attempt to extract value from transaction ordering within blocks. MEV stands for Maximal Extractable Value, and these bots monitor blockchain mempools to strategically front-run, back-run, or sandwich legitimate user transactions.
While MEV bots are technically legal, bad actors have also weaponized them. For instance, the MEV sandwich bot “arsc” leveraged automated strategies to extract nearly $30 million from unsuspecting Solana users by front-running transactions in real time.
SentinelLABS stressed that while trading bots have legitimate uses, investors must exercise extreme caution, especially when the source code is coming from a social media video promising unrealistic gains.
“To defend against these types of scams, crypto traders are advised to avoid deploying code shilled through influencer videos or social media posts,” Delamottea warned, adding that “if an offering seems too good to be true, it usually is—especially in the cryptocurrency world.”