Researchers expose Ethereum drainers posing as trading bots to steal crypto

SentinelLABS reported cryptocurrency scams using fake trading bots to drain Ethereum and other coins. The scammers reportedly use old YouTube accounts and strategically placed comments to create a false perception of legitimacy to target crypto traders through social media and video content distribution.

The threat actors advertise fake crypto trading bots through YouTube videos targeting users. The videos explain how to deploy smart contracts on Remix Solidity Compiler, with the scammers presenting these tools as legitimate arbitrage or MEV bots for profit.

Scammers use YouTube videos to distribute fake MEV trading bots

The videos show a deliberate effort to use older YouTube accounts to appear credible. First, the scammers post cryptocurrency news playlists and off-topic content to boost account rankings to make accounts seem like trusted, legitimate crypto sources.

Many videos appear AI-generated based on audio and visual characteristics. Narrators also have unnatural voice tones and only look directly at the camera. No side profile angles consistently appear in these fake presentations.

Typically, AI-generated content saves costs compared to hiring human actors for videos. The most successful scam video did not use AI generation. This particular video generated over $900,000 in stolen funds from victims.

One YouTube channel @todd_tutorials posted step-by-step deployment instructions for malicious contracts. The video became private after research began, but displayed AI characteristics. Another channel @SolidityTutorials featured similar content in April 2024 presentations.

@Jazz_Braze created the most successful scam video titled MEV Bot tutorial. The video gained 387,000+ views and appeared more legitimate than others. The account uploaded nearly 100 pop culture videos between 2022-2024.

The account operator likely built credibility over time through consistent uploads. Old YouTube accounts sell for $6 to thousands on Telegram channels. Comment sections remain overwhelmingly positive through moderation, filtering negative feedback automatically.

Malicious smart contracts hide attacker addresses

The fake trading bots contain malicious smart contracts written in Solidity programming language. These contracts target Ethereum and other blockchain networks for fund theft. Attackers use different obfuscation techniques to hide their wallet addresses from victims.

The attacker-controlled wallet address stays hidden within smart contract code making detection difficult. SentinelLABS found multiple obfuscation methods across different contracts including XOR operations. String concatenation and large decimal conversions also conceal attacker wallets effectively.

The contracts appear as legitimate MEV bots monitoring price differences across exchanges. Victims believe they’re deploying profitable arbitrage tools for automated trading.

Multiple unique attacker addresses exist making it unclear how many actors operate. The same wallet appeared across several weaponized smart contracts consistently.

Campaign generates over $900,000 in stolen Ethereum

The scam campaigns achieved varying degrees of financial success across different operations. A recent April 2025 scam received 7.59 Ethereum worth approximately $28,000 from victims. SolidityTutorials video scam netted 4.19 ETH, valued at around $15,000 total.

Jazz_Braze’s video campaign stands out as the most profitable, generating massive returns. The attacker’s wallet collected 244.9 ETH, worth approximately $902,000 from contract deposits. These funds were later withdrawn to other addresses in bulk transfers.

The stolen funds moved to 24 different Ethereum addresses after collection. Attackers distributed money across multiple wallets to avoid detection and tracking. This distribution pattern suggests sophisticated money laundering operations behind the scams.

Various campaigns have operated since early 2024 with different success rates. The scams continue targeting new victims through social media platforms. Attackers manage comment sections by deleting negative feedback to maintain false legitimacy.

Users often go to platforms like Reddit when YouTube comments get censored.

Cryptopolitan Academy: Want to grow your money in 2025? Learn how to do it with DeFi in our upcoming webclass. Save Your Spot