A New Twist on Old Scams: The Arbitrage MEV Bot Deception

SlowMist
5 min readOct 13, 2024

--

Background

Earlier this year, SlowMist founder Cos warned users on X about the dangers of arbitrage MEV bot scams. Since then, cybercriminals have adapted to trending topics. What was once marketed as the “simple and easy-to-use Uniswap Arbitrage MEV Bot” has now been rebranded as the “ChatGPT Arbitrage MEV Bot: How to Use a Slippage Bot to Earn $2,000 a Day Completely Passively.”

The SlowMist security team has recently noticed an uptick in users falling victim to this type of scam. In response, this article will explain the mechanics of the scam, analyze how the scammers move stolen funds, and provide guidance to help users avoid becoming the next victim.

https://x.com/evilcos/status/1745728599171457120

How AI is Used to Deceive Users

AI has become a powerful tool for boosting productivity, and scammers are taking advantage of this trend. By slapping the label “ChatGPT” onto their scams, they manage to grab attention and appear more credible. However, in reality, ChatGPT is only briefly mentioned in the scammers’ tutorial videos. The scammers claim that they used ChatGPT to generate the bot’s code, which helps to ease users’ doubts about any malicious intent in the code.

https://www.youtube.com/watch?v=Z32hH3eLK-c

A closer look at the scam videos on YouTube reveals some red flags: the video and audio are out of sync, some footage is obviously recycled, and the account likely belongs to someone who bought it. While the comment section is flooded with praise and thanks, scrolling down further reveals warnings from actual victims.

The scammer claims their bot monitors new tokens and large price fluctuations on the Ethereum blockchain, supposedly identifying arbitrage opportunities. Users are lured into believing all they have to do is sit back and watch their money roll in. But first, the users are required to have a MetaMask wallet and click on a Remix link (a fake Remix site) provided in the tutorial.

Once users copy and paste the code, compile the bot, and deploy the smart contract, the scammer tells them they need to fund the contract to activate it. The more ETH they deposit, the greater their supposed profits. But when the user clicks “start,” the deposited ETH vanishes — funneled straight into the scammer’s wallet via a backdoor coded into the smart contract.

Let’s analyze a real example of such a scam, reported by the Web3 anti-fraud platform Scam Sniffer.

https://x.com/realScamSniffer/status/1828364436241031669

Using MistTrack, we investigated the scammers address (0xAEF35f154C318c87744913f38A6d357691258122). Since the end of August, this address has amassed approximately 30 ETH from over 100 victims.

The incoming funds are transferred from the victims following the process outlined above, with their ETH being stolen after deploying the fake smart contract. The outgoing funds are either transferred directly to exchanges or moved to temporary storage addresses (like 0xea06b983e144432919779b236ba28ece28b74ec6) before eventually reaching exchanges.

In the diagram below, addresses 0x442a4960c783affe2b6d9884f32d7cf2683a408b and 0x44d63ce270637553f89f3c2706869d98d1248da3 are also shown as the scammers collection addresses, created at the end of August. These two addresses have stolen approximately 20 ETH from around 93 victims to date.

These scammers employ a wide-net approach, stealing small amounts from many victims. Because the individual losses are relatively minor, many victims do not have the time or resources to get justice. This allows the scammers to continue their operations, often rebranding the scam under a new name. Remix has already issued warnings about these scams, and victims have been leaving comments for over two years on Remix’s Medium posts about scam analysis, providing links to scam videos to alert others. This highlights just how widespread these types of scams have become.

Summary

The SlowMist security team urges all users to avoid clicking on unknown links or running suspicious code. If scammers claim the code was generated by ChatGPT, users can at least use tools like ChatGPT or Claude to review the code and check for any malicious behavior. Many users, in pursuit of passive income, are willing to invest their capital, only to find their funds disappear after following the scammer’s instructions. Meanwhile, the scammers are the ones truly profiting, as victims unknowingly transfer their funds to the scammer’s wallet. Therefore, users should stay vigilant, double-check whether an opportunity is genuine or a trap, and protect their assets from being compromised.

About SlowMist

At SlowMist, we pride ourselves on being a frontrunner in blockchain security, dedicating years to mastering threat intelligence. Our expertise is grounded in providing comprehensive security audits and advanced anti-money laundering tracking to a diverse clientele. We’ve established a robust network for threat intelligence collaboration, positioning ourselves as a key player in the global blockchain security landscape. We offer tailor-made security solutions that span from identifying threats to implementing effective defense mechanisms. This holistic approach has garnered the trust of numerous leading and recognized projects worldwide, including names like Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, and Cheers UP. Our mission is to ensure the blockchain ecosystem is not only innovative but also secure and reliable.

We offers a variety of services that include but are not limited to security audits, threat intelligence, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) solutions, Vulpush (Vulnerability monitoring) , SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) , Safe Staking and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, FireEye, RC², TianJi Partners, IPIP, etc.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we wish to help spread awareness and raise the security standards in the blockchain ecosystem.

💬Website 🐦Twitter ⌨️GitHub

--

--

SlowMist
SlowMist

Written by SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.

Responses (1)