Weaponized trading bots steal $1M from crypto users



According to a new SentinelLABS report.

The campaign used AI-generated YouTube videos, aged accounts and obfuscated Solidity code to evade basic user scrutiny and gain access to crypto wallets.

The scammers appeared to be using AI-generated avatars and voices to reduce production costs and scale up video content.

These tutorials are published on aged YouTube accounts populated with unrelated content and manipulated comment sections to give the illusion of credibility. In some cases, the videos are unlisted and are probably distributed through Telegram or DMs.

At the center of the scam was a smart contract promoted as a profitable arbitrage bot. Victims were instructed through YouTube tutorials to deploy the contract using Remix, fund it with ETH and call a “start()” function.

In reality, however, the contract rerouted the funds to a hidden wallet controlled by the attackers, using techniques such as XOR obfuscation (which hides data by combining it with another value) and large decimal-to-hex conversions (which convert large numbers into readable address formats) to mask the destination address (which makes recovering the funds trickier).
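A reviewer can undo both tricks before deploying anything. The following is an added example, not code from the SentinelLABS report or from the scam contract: a heuristic scan of Solidity source that lists every address a large decimal literal or an XOR of two constants could decode to. The sample contract, its constants and all function names are constructed for illustration.

```python
import re
from itertools import combinations

ADDR_BITS = 160   # an Ethereum address is 20 bytes
MIN_BITS = 120    # assumption: smaller numbers (fees, gas limits) are ignored

# Constructed sample, not the contract from the report. All values are made up.
HIDDEN = int("d5" * 20, 16)
SAMPLE = f"""
contract Bot {{
    bytes32 a = 0x{'00' * 12}{'11' * 20};
    bytes32 b = 0x{'00' * 12}{'cc' * 20};
    uint256 k = {HIDDEN};
    function start() public payable {{}}
}}
"""

def literals(source):
    """Yield (is_hex, value) for each address-sized integer literal."""
    for m in re.finditer(r"\b(0x[0-9a-fA-F]+|\d+)\b", source):
        text = m.group(1)
        is_hex = text.lower().startswith("0x")
        value = int(text, 16) if is_hex else int(text)
        if MIN_BITS <= value.bit_length() <= ADDR_BITS:
            yield is_hex, value

def as_address(value):
    """Format an integer as a 20-byte hex address."""
    return "0x%040x" % value

def hidden_address_candidates(source):
    """Map each address a literal could decode to onto how it was derived."""
    lits = list(literals(source))
    found = {}
    # Decimal-to-hex: a huge decimal number is an address in disguise.
    for is_hex, value in lits:
        if not is_hex:
            found.setdefault(as_address(value), "decimal literal")
    # XOR: two harmless-looking constants combine into an address.
    for (_, x), (_, y) in combinations(lits, 2):
        if (x ^ y).bit_length() >= MIN_BITS:
            found.setdefault(as_address(x ^ y), "xor of two constants")
    return found

if __name__ == "__main__":
    for addr, how in hidden_address_candidates(SAMPLE).items():
        print(addr, how)
```

Any candidate that is not the deployer's own wallet is a reason to stop; the scan over-reports by design, since it pairs every address-sized constant with every other.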

The most successful identified address – 0x8725 … 6831 – obtained 244.9 ETH (approximately $902,000) through deposits from unsuspecting deployers. That wallet was linked to a video tutorial published by the account @Jazz_braze. It is still live on YouTube with more than 387,000 views.

“Each contract establishes the victim’s wallet and a hidden attacker EOA as co-owners,” said SentinelLABS researchers. “Even if the victim does not activate the main function, the accommodation mechanisms allow the attacker to withdraw deposited funds.”

As such, the scam's success has been broad but uneven. While most attacker wallets netted four to five figures, only one (linked to Jazz_braze) cleared more than $900k in value. The funds were later moved in bulk to secondary addresses, probably to further fragment traceability.

Meanwhile, SentinelLABS warns users to avoid deploying “free bots” advertised on social media, especially those that involve manual smart contract deployment. The firm emphasized that even code deployed on testnets should be thoroughly checked, since similar tactics can easily migrate across chains.
