Users Fall Victim to Revamped Old Scam
Blockchain security firm SlowMist has highlighted a resurgence of an old trading bot scam, now rebranded to exploit the growing excitement around artificial intelligence (AI).
In a 13 October post, SlowMist revealed that cybercriminals are leveraging the popularity of OpenAI's ChatGPT to give their fraudulent bots an air of legitimacy.
Previously marketed as "Uniswap Arbitrage MEV Bots," these scams are now being promoted as "ChatGPT Arbitrage MEV Bots," capitalising on the current AI trend to deceive unsuspecting users.
THE CHATGPT MEV BOT SCAM
The scammers are at it again, rebranding their shady MEV trading bots with that sweet ChatGPT buzz.
What was once a “Uniswap Arbitrage MEV Bot” is now a “ChatGPT Arbitrage MEV Bot,” promising crazy profits.
But here’s the kicker: once you deploy that… pic.twitter.com/FZyoNGseE1
— Mario Nawfal’s Roundtable (@RoundtableSpace) October 15, 2024
The firm wrote:
“By slapping the label "ChatGPT" onto their scams, they manage to grab attention and appear more credible. However, in reality, ChatGPT is only briefly mentioned in the scammers' tutorial videos. The scammers claim that they used ChatGPT to generate the bot's code, which helps to ease users' doubts about any malicious intent in the code.”
Fake Promise of High Returns
SlowMist has reported that scammers are enticing users with the promise of a trading bot capable of generating significant profits by tracking new tokens and price fluctuations on Ethereum.
Victims are instructed to create a MetaMask wallet and click on a fraudulent link via the open-source platform Remix.
Once they deploy the copied code, they are asked to fund the smart contract to "activate" the bot.
⚠️最近有朋友说中招了这个:
Easy to Use Arbitrage MEV Bot for Uniswap
所谓的 Uniswap 套利 MEV 机器人,上头了,哪有这种好事留给你...按说明用 Remix 部署陷阱合约代码,实际上可以先在 Remix VM 部署,并且在 Start/Stop/Withdrawal… pic.twitter.com/LUoaWNjESZ
— Cos(余弦)😶🌫️ (@evilcos) January 12, 2024
SlowMist wrote:
“Once users copy and paste the code, compile the bot, and deploy the smart contract, the scammer tells them they need to fund the contract to activate it. The more ETH they deposit, the greater their supposed profits. But when the user clicks "start," the deposited ETH vanishes — funneled straight into the scammer's wallet via a backdoor coded into the smart contract.”
The firm added on:
“The outgoing funds are either transferred directly to exchanges or moved to temporary storage addresses.”
SlowMist identified three scammer addresses using this method, stealing substantial amounts from unsuspecting users.
Since August, one address has stolen 30 Ether (over $78,000) from more than 100 victims, while two others have taken 20 Ether (over $52,000) from 93 victims combined.
⚠️ 9 hours ago, another victim lost 4 ETH to this type of scam. https://t.co/4RQzW8LYik pic.twitter.com/wRLksbvsMQ
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) August 27, 2024
These scammers adopt a "wide-net" strategy, taking smaller amounts from numerous victims, who often don't pursue recovery efforts due to the small sums involved.
The firm noted:
“Because the individual losses are relatively minor, many victims do not have the time or resources to get justice.”
It added:
“This allows the scammers to continue their operations, often rebranding the scam under a new name.”
The firm also noted that YouTube is rife with videos promoting these scams.
Warning signs include videos where the audio and video are out of sync, or recycled footage from other sources.
A high volume of positive comments, followed by later updates exposing the scam, is another red flag users should be wary of.
🚨 Scammers are embedding MEV bot scams into tutorials, using AI buzzwords like ChatGPT to appear credible. They promise easy profits, but in reality, your funds are being funneled into scammer wallets.
Learn how they operate and how to protect yourself in our latest article.…
— SlowMist (@SlowMist_Team) October 13, 2024
The team concluded:
“The SlowMist security team urges all users to avoid clicking on unknown links or running suspicious code. If scammers claim the code was generated by ChatGPT, users can at least use tools like ChatGPT or Claude to review the code and check for any malicious behavior. Many users, in pursuit of passive income, are willing to invest their capital, only to find their funds disappear after following the scammer’s instructions. Meanwhile, the scammers are the ones truly profiting, as victims unknowingly transfer their funds to the scammer’s wallet. Therefore, users should stay vigilant, double-check whether an opportunity is genuine or a trap, and protect their assets from being compromised.”
