MEV Scams Evolve: SlowMist Reveals How ChatGPT is Used to Set Up Arbitrage Fraud

The founder of the cybersecurity team SlowMist, Yu Xian, warned on Twitter earlier this year to beware of arbitrage MEV bot scams. Since then, scammers have also "kept up with the times," adjusting their scam tactics with popular topics. What was originally known as the "easy-to-use Uniswap arbitrage MEV bot" scheme is now being repackaged as "ChatGPT arbitrage MEV bot: How to easily earn $2,000 per day using slippage bots."

SlowMist stated that an increasing number of users have recently fallen victim to such scams. To help users avoid becoming the next victim, SlowMist has detailed explanations of how these scams operate, analyzing how scammers transfer stolen funds and providing practical security measures.

What is MEV?

MEV stands for Maximum Extractable Value, which refers to the practice of using the "transaction order" on the blockchain to profit, typically carried out by miners or trading bots.

Common MEV Strategies:

1. Front Running: Someone places a large buy order, and miners can buy in front of it, then sell after the user has made the purchase to profit from the price difference.

2. Liquidation Arbitrage: When the price of collateral drops on a DeFi platform, miners can prioritize liquidation and earn liquidation rewards.

3. Sandwich Attacks: Attackers buy before a user's large buy order, raise the price, then immediately sell to make a profit, sandwiched between the user's trades, like a sandwich.

4. Back-Running: If a transaction is likely to cause price fluctuations, miners will follow their own transaction after that trade to profit from price changes.

5. Arbitrage Trading: Identifying price differences between different platforms, buying low and selling high to profit from the price spread.

The MEV scam involves deceiving users by exploiting arbitrage opportunities on the chain, claiming to help users utilize MEV technology for automatic arbitrage on decentralized exchanges to easily earn high returns.

MEV Scam Operation Process:

1. Bait: Scammers claim to have a "simple and easy-to-use" MEV bot that helps users automatically capture arbitrage opportunities on the chain, making money with simple settings.

2. Fake Website and Code: Providing a fake website or tool where you copy the code as instructed to deploy a smart contract, but it is actually a scam smart contract.

3. Deposit: Scammers will ask you to deposit some cryptocurrency into the contract, usually Ether, claiming the more you deposit, the more you earn.

4. Funds Transfer: Once you deposit funds and "activate" the contract, the funds are transferred directly to the scammer's wallet.

New MEV Bot attack strategy targeting multiple victims at once

Scammers Using ChatGPT to Attract Innocent Victims

As AI technology becomes more powerful, scammers are also "keeping up with the times" and riding the AI wave. Recently, many scammers have used videos to deceive victims, claiming in the video to generate robot code with ChatGPT, reducing user suspicion. Upon closer inspection, it can be seen that the video's audio and visuals do not match, some segments are even repeated, and the account that posted the video looks like it was bought.

The comments section is full of false praise and "thanks" from the scammers' recruited friends and family, but scrolling further down reveals warnings from victims.

The scammers claim that their robot can monitor new tokens and price fluctuations on Ethereum, automatically capturing arbitrage opportunities for you to earn money effortlessly. Users need to have a MetaMask wallet, follow the video instructions, and click on a fake link to the Ethereum contract compiler Remix in the tutorial.

Victims copy the code, compile the robot, deploy the smart contract, and the scammers tell them they need to provide funds to activate the contract. The scammers also claim that the more ETH you deposit, the more you earn. Once the victim clicks "activate," the deposited ETH disappears instantly, transferred to the scammer's wallet.

SlowMist Analyzes Real Cases Reported by Security Company ScamSniffer

SlowMist uses ScamSniffer to provide a scam address 0xAEF35f154C318c87744913f38A6d357691258122, indicating that since the end of August this year, this address has accumulated about 30 ETH from over 100 victims.

The funds obtained are transferred as shown in the image, where victims' ETH is immediately stolen after deploying the fake smart contract.

In the image, scammers created two wallets at the end of August this year with the addresses:

• 0x442a4960c783affe2b6d9884f32d7cf2683a408b
• 0x44d63ce270637553f89f3c2706869d98d1248da3

So far, scammers have used these two addresses to scam nearly 20 ETH from about 93 victims.

Scammers Cast Wide Nets to Steal Small Amounts of Funds

SlowMist states that these scammers adopt a "wide net" approach to steal small amounts of funds from numerous victims. Since each person's losses are relatively small, many victims often do not want to spend time or resources to pursue, thus enabling these scammers to continue their illegal activities and often repackage scams with new names. Ethereum contract compiler Remix has also issued warnings about similar scams, with victims posting warnings in Remix's Medium post, providing links to scam videos, reminding others to be cautious, highlighting the prevalence of such scams.

Exercise Caution Before Investing

SlowMist also reminds everyone not to click on unfamiliar links or execute code from unknown sources. If scammers claim the code is generated by ChatGPT, users can check it themselves with tools like ChatGPT or Claude to see if there are any malicious programs hidden inside. Many investors, with the mindset of earning passive income, invest their funds and follow the scammers' instructions without using their own judgment, ending up not earning anything and letting scammers take advantage. Before investing, please be cautious and careful.

Bull market crypto scams rampant, how to defend? SlowMist introduces various scam tools and phishing paths