MEV bots and scam schemes are renaming themselves exploiting the AI hype to deceive users

A wave of scams in the crypto world is increasingly affecting more people. The name changes, but the strategy remains the same: according to SlowMist, a blockchain security company, cybercriminals are recycling old trading bot scams, attaching AI-related names to appear more legitimate. In a recent report published mid-October, SlowMist documented how the creators of these scams have reinvented their MEV bots by exploiting media hype around OpenAI’s ChatGPT, transforming traditional “Uniswap Arbitrage Bots” into the trendier “ChatGPT Arbitrage Bots.”

The tactic is as sneaky as it is effective. “By adding ChatGPT to the scam’s name, criminals manage to grab attention and gain a veneer of credibility,” SlowMist explained. The promise is enticing: an intelligent MEV bot that constantly monitors Ethereum price fluctuations and new tokens, allowing users to generate significant profits from automated trading. “Scammers claim to have used ChatGPT to develop the code,” the analysis continues, “a statement meant to dispel users’ doubts about potential malicious code in the program.”

From ‘Arbitrage Bot’ to ‘ChatGPT Bot’: the evolution of the scam

The brilliance of this recycling lies in its simplicity: there’s no need to invent new scams when you can just rename proven ones. SlowMist traced the evolution of these fraudulent MEV bots, documenting how the same scam mechanics, unchanged over the years, continue to thrive simply by changing labels. The shift from the previous name to the new “ChatGPT” version exemplifies how bad actors follow viral trend cycles.

The deception process follows a precise, well-oiled pattern. Victims are lured online with promises of automatic earnings. They are instructed to create a MetaMask wallet and directed to a deceptive link on Remix, an open-source environment where the supposed bot’s code is distributed. Up to this point, the operation appears legitimate. The critical moment comes when users are asked to “activate” the bot by funding a smart contract. Here, the promise becomes insidious: the more ETH deposited, the higher the supposed profits generated by the MEV bot.

Three concrete cases: how MEV bots defrauded tens of thousands of dollars

Behind SlowMist’s theoretical analysis are stories of real, quantifiable fraud. The security firm identified three scam addresses operating under this methodology. The first committed thefts of 30 ETH from over 100 victims between August and the report date, amassing a loot exceeding $78,000. The next two addresses raided 20 ETH each from 93 victims, with total damages surpassing $52,000 per group.

What makes these crimes particularly insidious is the underlying economic strategy, described by SlowMist as a “broad network approach.” Instead of targeting a few wealthy victims, scammers operate with micro-frauds distributed across many users: each individual loses a relatively modest amount. This criminal calculus is deliberate. As SlowMist highlights: “Because individual losses remain relatively small, many victims even refrain from legal action, considering the effort disproportionate to the amount stolen.” This perverse logic allows criminals to continue unimpeded, often renaming their MEV bot after some time to keep the scam cycle alive.

Spotting the danger: warning signs hidden in promotional videos

SlowMist has observed a worrying proliferation of promotional content on YouTube and other video platforms advertising these deceptive MEV bots. Learning to recognize indicators of potential scams has become an essential skill for crypto ecosystem participants. Some visual red flags include poor synchronization between audio and video or videos recycled from other sources without original modifications. Another warning sign is an abnormal concentration of laudatory comments in the early stages of a thread, followed by messages from users later exposing the fraudulent nature of the project.

According to SlowMist, the resilience of these scams lies in their ability to continually reinvent themselves. When a name stops generating enough victims, a variation in the name and promotional narrative—such as shifting from a “traditional bot” to a “ChatGPT bot”—allows bad actors to restart the cycle. The crypto community remains exposed to a persistent threat: MEV bots that change appearance but maintain the same criminal intent, always ready to exploit the latest trends to attract unwitting new victims.