The Sentinelabs cybersecurity company discovered a sophisticated scam campaign which siphoneed more than $ 900,000 with without distrust cryptography.
According to the report, the attackers use malicious intelligent contracts based on Ethereum disguised as commercial robots to target people who follow educational content apparently on YouTube.
The report added that these scams have been active since the beginning of 2024 and are constantly evolving through new videos and accounts.
How does the scam work
The fraudulent scheme revolves around Youtube videos that offer tutorials on the deployment of automated trading robots, in particular maximum extractable value robots (MEV), via the remix solidity compiler, a popular web ideas based on the web for the development of intelligent contracts.
These videos decrease viewers to download the intelligent contract code from external links. Once deployed, the contracts are scheduled to drain the funds directly from the user portfolio.
The crooks invest in the aging of YouTube accounts to appear credible, filling them with cryptocurrency content off-topic or apparently legitimate. This strategy makes it possible to stimulate visibility while strengthening the illusion of confidence.
Videos generated by AI
A notable tactic in this campaign is the use of videos generated by AI. Depending on the company, many tutorial clips have synthetic voices and faces with robotic tones, a unnatural rate and rigid facial movements.
This approach allows authors to quickly produce scam content without hiring real actors, which considerably reduces operational costs.
However, the most lucrative video discovered by Sentinellabs – responsible for drainage of more than $ 900,000 – was created by a real person, not an Avatar of the AI. This suggests that although automation improves scalability, the content generated by humans can still lead to higher conversion rates.
Meanwhile, Sentinellabs has also found several iterations of armed contracts, each using variable obscure techniques to mask exterior property accounts controlled by the attacker (EOA).
While some contracts shared a common portfolio address, many others used separate destinations, which makes it difficult to determine the question of whether the campaign is the work of a single entity or multiple threat actors.
Given this, Sentinelabs warned that the mixture of web3 tools, social engineering and generative AI presents an increasing threat landscape.
The company has urged Crypto users to check all external sources of code and to remain skeptical on the truncia robots that are too beautiful – in particular those promoted via unparalleled YouTube tutorials
(tagstotranslate) ai
Source link
