The return of the MEV bot: how scammers are using AI to reinvent themselves

An old threat in the cryptocurrency world is returning in a completely new guise. Cybercriminals have rediscovered a historic scam related to mev bots and reinvented it by exploiting the hype around artificial intelligence. According to blockchain security firm SlowMist, this rebranding represents a sophisticated strategy to attract new victims among less experienced investors, promising easy profits through automated trading bots that actually hide a deadly backdoor.

The evolution of the scam: from the old name to ChatGPT Arbitrage mev bot

A few years ago, the fraudulent scheme circulated under the name “Uniswap Arbitrage MEV Bot,” presenting itself as a legitimate trading tool. Today, that same scam has been completely revamped and is now called “ChatGPT Arbitrage MEV Bot.” The name change is no coincidence: scammers deliberately exploit the name of OpenAI and its famous AI platform to boost the product’s credibility.

“By applying the ChatGPT label to their fraudulent operations, criminals can easily attract a broader audience and appear much more credible,” SlowMist explained in its analysis report. “They claim to have used ChatGPT to generate the code for the mev bot itself, which helps dispel any user doubts about hidden malicious intents within the code.” This psychological technique of leveraging the name of a well-known company marks a significant leap in attack sophistication.

How the scam works: the backdoor smart contract strategy

The scam’s mechanism is well-crafted and exploits various human vulnerabilities. Attackers lure victims with promises of a trading mev bot capable of generating extraordinary profits, claiming the tool will automatically monitor new tokens and significant price fluctuations on the Ethereum blockchain.

The process begins with a seemingly harmless request: creating a MetaMask wallet. Next, victims are directed to click a link that takes them to Remix, the open-source platform commonly used by Ethereum developers. Once there, they are asked to copy and deploy the alleged mev bot code. Up to this point, everything seems legitimate and based on standard blockchain development procedures.

The final blow comes when users are told to “activate” the bot by depositing ETH into the smart contract. Scammers insist that the more Ether transferred, the higher the supposed profits generated. But what actually happens is quite different: “As soon as the user clicks the ‘start’ button, all the deposited ETH immediately disappears, routed directly into the criminal’s wallet via a backdoor embedded in the smart contract itself,” SlowMist revealed. “The stolen funds are then transferred to exchanges or moved to temporary storage addresses to obscure the trail.”

Scam figures: three addresses and hundreds of victims

SlowMist identified and analyzed three scammer addresses actively using these techniques to rob unsuspecting users. The data is alarming: one address stole about 30 Ether, worth over $78,000, from more than 100 different victims over several months. The other two addresses collectively stole 20 Ether, totaling over $52,000, from 93 additional victims.

What makes this criminal strategy particularly effective is the so-called “broad network approach”: scammers steal small amounts from many victims, relying on the fact that most robbed users won’t bother to recover their funds. “Since individual losses remain relatively small, many victims simply lack the time or resources to pursue legal action or fund recovery,” SlowMist noted. “This allows criminals to continue their operations undisturbed, often just changing the scam’s name and relaunching the scheme.”

Warning signs in promotional videos: how to spot the scam

A key component of spreading these mev bot scams is through online promotional videos, especially on YouTube. SlowMist reported that the network contains a large amount of content actively promoting this type of scheme. Fortunately, there are several warning signs that can help identify these deceptive videos before falling victim.

The first sign is desynchronization between audio and video. If the footage shows obvious discrepancies between what you hear and what you see on the screen, it’s a serious red flag. Reusing material from other sources is also a strong indicator of fraudulent content. A second crucial sign is the unusual comment pattern: if you notice an unusually high number of praise and thank-you messages at the beginning of the thread, followed by later comments explicitly warning about the scam, you’re essentially looking at a real-time map of the fraud.

Recognizing these patterns allows investors to protect themselves and avoid transferring funds to addresses controlled by criminals. Maintaining a high level of skepticism toward any promises of easy, automated gains is essential, regardless of how sophisticated or credible the mev bot’s name or presentation may appear.