A widespread cryptocurrency scam operating through YouTube has reportedly stolen over 256 ETH, according to cybersecurity firm SentinelLABS. The scam involves malicious actors using aged YouTube accounts to promote fraudulent crypto trading bots. These bots are actually smart contracts designed to drain cryptocurrency from unsuspecting victims.

The scammers create a facade of legitimacy by using YouTube accounts that have a history of posting crypto news, investment tips, or other general content. These videos offer advice on how to deploy a crypto trader bot, but in reality, it's a ruse to steal crypto. The offered smart contract code contains a hidden attacker's wallet, disguised as a trading address. When a user funds the contract, the attacker gains access and drains the funds. To entice victims, scammers often suggest depositing at least 0.5 ETH (approximately $1,829) to cover gas fees and ensure worthwhile profits.

SentinelLABS' investigation revealed that these scams have been ongoing since at least early 2024 and have had varying degrees of success. One identified scammer wallet received 7.59 ETH, another 4.19 ETH, and a third held a substantial 244.9 ETH, collectively worth over $939,000. It appears the same wallet is used across multiple weaponized smart contracts, but the exact number of individuals behind the scam remains unclear due to the use of numerous unique addresses.

These scam videos often exhibit red flags. The YouTube accounts involved typically have a long history of posting various types of content to appear credible. In some instances, the videos seem to be AI-generated, which allows the actors to easily create multiple scam videos. These AI-generated videos can be identified by unnatural voice tones and cadences from the narrator. Furthermore, the comment sections of these videos are often curated to remove negative feedback, pushing users to platforms like Reddit to find additional information. The unlisted videos are distributed to victims through other social media platforms, possibly including Telegram.

SentinelLABS advises crypto users to exercise extreme caution when considering trading tools promoted through unverified social media or video content. Alex Delamottea, a senior threat researcher with SentinelLABS, emphasized the increasing complexity of the cryptocurrency ecosystem and the importance of thoroughly analyzing the functionality of any related tools. This includes scrutinizing the inputs and outputs to avoid falling victim to such scams.