An arbitrage MEV bot can take all your funds. We explain why

Every day, scammers come up with new schemes to defraud, making them more cunning and dodgy. GetBlock AML Research has discovered a new and unconventional method of fraud that can mislead even experienced market participants. In question are arbitrage MEV bots.

What are MEV bots and why are they popular?

MEV bots appeared as a result of the evolution of the DeFi (decentralized finance) sphere. They are special programs that can be validators in the blockchain and streamline the execution of transactions. Many people mistakenly believe that MEV bots are created solely for the sake of making money, but this is not entirely true. They may make money, but their main goal is to make sure that transactions on the blockchain do not freeze and are executed as quickly as possible.

Especially skillful MEV bots are capable of earning millions of dollars in profits thanks to sandwich attacks and other algorithms. For example, the Solana network has one of the most efficient MEV bots, which managed to earn more than $30 million in just two months in 2024.

Stage is yours

Scammers decided to take advantage of the hype around MEV bots and their million-dollar profits. They assure that everyone can launch their own arbitrage MEV bot, which will bring daily passive profit of $2000.

On YouTube and social networks, you can find a huge number of instructions with the title “Learn how to Use ChatGPT AI for 1ETH Daily”. Here is an example of such a video. The author of the video suggests the following pattern:

• You need to enter the correct prompt into ChatGPT or another similar neural network;
• Get the source code of an arbitrage MEV bot;
• Deploy a smart contract based on the received code;
• Sit back and watch the MEV bot make you millionaires.

But everything is easy and simple only at first glance. In reality, there are nuances. A caring scammer provides a “correctly generated” and working source code of an arbitrage MEV bot with a backdoor inside it.

Malicious code from the video, on the fake Remix website (note the wrong link)

In the deployment phase of a smart contract, a small amount of ETH needs to be deposited into it for validation. In this step, the scammer says that the size of the deposited cryptocurrency will determine the bot’s earnings. The more ETH deposited into the smart contract, the greater the potential earnings. The magic is that after launching a smart contract with a backdoor, all the cryptocurrency is sent to the fraudster’s address.

One of the first such cases of fraud was recorded by the analytics platform Web3 Scam Sniffer. In this case, the victim lost 4 ETH (equivalent to $8 300).

0xAEF35f154C318c87744913f38A6d357691258122 is one of the scam addresses that they no longer use. In the fall of 2024, this address was used to defraud more than 100 victims, earning 30 ETH (equivalent to $62 300). Scammers transfer the obtained cryptocurrency directly to exchanges or to special addresses for storage.

0x442a4960c783affe2b6d9884f32d7cf2683a408b, 0x44d63ce270637553f89f3c2706869d98d1248da3 are two more addresses from a common fraudulent network that received almost 20 ETH from 93 victims (equivalent to $41 600).

The scheme is still running, as victims who lost relatively small amounts have no ability or resources to seek refunds and punishment for the scammers.

How to protect yourself

To avoid becoming a victim of the scheme described above, you should treat third-party source code very carefully, even if it is presented as a result of neural network work. If you do not have the ability and knowledge to analyze and audit the code yourself, you should not use it at all.

You should also not trust influencers in social networks that promise a guaranteed and high income.