A network of crypto scammers is exploiting aged YouTube accounts to promote trading bots that trick users into deploying malicious smart contracts designed to drain their wallets.
Highlighting the severity of this “widespread and ongoing” threat, senior threat researcher Alex Delamotte from SentinelLABS warned that crypto users who trust unverified tools promoted in video content are putting themselves at risk of sophisticated scams disguised as promising opportunities.
How does the scam work?
According to SentinelLABS, the scam begins with YouTube videos that appear to provide step-by-step tutorials on how to deploy profitable crypto trading bots. These videos—often featuring AI-generated visuals and voiceovers—guide viewers to an external website hosting smart contract code.
Users are then instructed to deploy this code using Remix, a widely used Ethereum development platform, under the false promise of launching an arbitrage or MEV (Maximal Extractable Value) bot.
In reality, the smart contract is engineered to conceal an attacker-controlled wallet address. SentinelLABS noted that the code often employs obfuscation techniques—such as XOR operations, string concatenation, and hexadecimal address derivation—to hide the malicious components from plain sight.
Once a user deploys the contract and funds it with Ether, hidden failover mechanisms within the code allow the attacker to steal the funds.
Victims are typically urged to deposit at least 0.5 ETH, supposedly to cover gas fees and maximize returns. This initial funding is crucial, as it activates the malicious contract logic, enabling the attacker’s wallet to siphon off the deposited assets.
In some instances, even if users don’t manually trigger the contract, fallback functions built into the code still grant the attacker access to the funds.
Scammers are raking in substantial profits
Delamottea’s investigation uncovered several scammer-controlled wallets, with one in particular standing out. Linked to the YouTube account “@Jazz_Braze,” this address collected 244.9 ETH—over $900,000—through the malicious smart contracts.
SentinelLABS tracked the flow of the stolen funds across more than two dozen secondary wallets, indicating that the scammers were actively laundering the proceeds.
Other scammer addresses, while less lucrative, still recorded significant activity, with average inflows exceeding $10,000 in ETH. Each wallet was tied to different YouTube videos or channels, many of which featured AI-generated narrators and tightly moderated comment sections designed to suppress criticism and amplify fake success stories.
SentinelLABS also observed that the YouTube accounts involved in the scam were aged and had previously hosted content related to cryptocurrency or pop culture, including playlists and videos.
The report suggests that many of these accounts were likely purchased from online marketplaces, where aged YouTube channels are frequently traded—often via Telegram groups or searchable public platforms.
This aging tactic helps boost visibility and trust, making it harder for viewers to identify the malicious intent in most cases.
What are crypto trading bots actually?
In legitimate contexts, crypto trading bots are algorithmic tools designed to automatically execute buy and sell orders based on predefined strategies. These bots often operate across multiple exchanges, seeking to capitalize on price discrepancies or market trends, and are capable of executing trades much faster than a human trader.
With the integration of artificial intelligence, trading bots have become more adaptive and efficient, able to carry out complex strategies at scale. When properly developed and vetted, they serve as powerful automation tools for advanced traders and institutions, particularly in high-frequency trading environments like cryptocurrency markets.
One prominent category of these bots is MEV bots—short for Maximal Extractable Value. These bots monitor blockchain mempools and manipulate transaction ordering within blocks to extract profit. Their strategies may include front-running, back-running, or sandwiching legitimate user transactions.
Although MEV bots operate within the legal boundaries of blockchain protocols, some have been weaponized by malicious actors. A notable example is the MEV sandwich bot “arsc,” which used automated tactics to siphon nearly $30 million from Solana users by front-running their transactions in real time.
A word of caution for crypto traders
SentinelLABS emphasized that although trading bots can serve legitimate purposes, investors should remain highly cautious—particularly when the code is sourced from social media videos that promise exaggerated returns.
“To protect themselves from these scams, crypto traders should steer clear of deploying code promoted by influencers or shared through social media posts,” warned Delamottea. “If something seems too good to be true, it probably is—especially in the world of cryptocurrency.”
