MEV bots disguised as ChatGPT: how hackers exploit AI to steal millions in ETH

A wave of sophisticated scams is hitting the crypto community, with cybercriminals recycling old fraud schemes by simply rebranding their MEV bots. Blockchain security firm SlowMist has revealed how scammers are riding the hype around artificial intelligence, rebranding their fraudulent operations with names related to ChatGPT and OpenAI to gain the trust of unsuspecting investors.

How the masked MEV bot scam works

The old guard of automated trading fraud has abandoned names like “Uniswap Arbitrage MEV Bot” in favor of more modern and enticing versions. Today, the same scammers promote their tools as “ChatGPT Arbitrage MEV Bot,” leveraging the association with OpenAI’s popular chatbot. According to SlowMist, this rebranding strategy is incredibly effective: the name ChatGPT provides an aura of technological legitimacy that disarms potential victims’ doubts.

Criminals claim to have used ChatGPT to automatically generate their bot code, creating the illusion of a sophisticated and reliable solution. In reality, the core mechanism remains the same as previous versions of the fraudulent MEV bot: users are lured by promises of automatic profits through monitoring price fluctuations on Ethereum and emerging tokens.

The role of ChatGPT: making the deception believable

Attributing the scam to ChatGPT is no coincidence. Scammers exploit the widespread perception that artificial intelligence is advanced and infallible. Labeling their scams with the name of a popular AI tool helps dispel suspicions about malicious intent hidden in the code. It’s a sophisticated form of social engineering that plays on the technological trust of targets.

The scam mechanism: from wallet to backdoor

The fraudulent process follows a methodical pattern. Victims are instructed to create a MetaMask wallet and visit the open-source Remix platform, where a fake link is provided. Once the MEV bot code is copied and deployed on the blockchain, users are told to deposit ETH into the smart contract to “activate” the system.

The critical moment occurs at activation: when the user clicks the “start” button, all the deposited ETH vanishes instantly. The funds are not used to generate profits as promised but flow directly into the scammer’s wallet through a backdoor programmed into the smart contract. SlowMist has discovered that the stolen funds are then transferred to cryptocurrency exchanges or moved to temporary addresses to cover their tracks.

Real cases: SlowMist uncovers 3 active scammer addresses

SlowMist’s analysis identified three main scammer addresses operating with this technique. The first has stolen over 30 Ether, worth more than $78,000 at the time of discovery, from over 100 victims since August 2024. The other two addresses each stole 20 Ether (about $52,000), affecting a total of 93 victims.

These numbers underestimate the real problem. Scammers adopt what security experts call a “broad network approach”: they steal relatively small amounts from a large number of people. The strategy is insidious: individual losses are small enough that most victims choose not to pursue legal action, considering the effort to recover the funds would outweigh the loss.

Why they keep getting away with it

“Since individual losses remain small, many victims simply lack the time or resources to seek justice,” SlowMist emphasized in its analysis. This cycle of relative impunity allows criminals to continue operations, simply renaming the scam with a new name when the previous version starts raising suspicion. It’s a particularly resilient scam business model.

How to protect your wallet: warning signs to recognize

SlowMist warns that numerous promotional videos on YouTube continue to advertise these scam schemes. The warning signs are specific and recognizable:

• Poor audio-video synchronization: videos are often poorly recorded, with audio and video out of sync
• Recycled content: many videos contain footage copied from other sources
• Suspicious comment section: an unusually high number of praise and thank-you comments in the early messages, followed by comments later exposing the scam

These indicators suggest an organized disinformation operation rather than authentic content. The main rule remains evergreen: no legitimate trading bot guarantees automatic profits without risk, and AI technology does not turn a scam into a legitimate opportunity.