Some Scammers Will Try to Lure You Into Executing Code by Promising Crypto Gains

Mynah Marie
Photo by Tara Winstead from Pexels

With the giant steps cryptocurrencies took toward mass adoption in the last few years, more and more less tech savvy people are looking to jump on the crypto train. Unfortunately, because cryptocurrencies are still massively unregulated, they also provide a myriad of opportunities to scammers for profiting from people without fearing legal consequences.

There's one very popular scam going around right now on YouTube and on many popular blogging platforms such as Medium. This ploy takes advantage of people's lack of knowledge in programming by making victims believe they'll make insane amounts of profits if they run a script provided by the scammer.

The concept these scammers are leveraging is called flash loan arbitrage.

What is flash loan arbitrage?

Flash loan arbitrage is a real technique in crypto and it can be used to make big profits when applied correctly by someone who knows what they're doing.

In general, whether it's in the crypto world or in the traditional banking system, if someone wants a loan, they'll first need to provide some kind of collateral. But when transactions are made on a blockchain, there's an exception to this rule. A loan can be made without the need of any collateral if the debt is repaid within the same block transaction. This is what we call a flash loan.

Since the debt needs to be repaid in the same block transaction, this means the whole operation needs to happen very quickly, too quickly for a human to do it manually. That's why we need to leverage the power of code to execute a flash loan.

You might be asking yourself: is there any way to borrow money and not repay the debt? The short answer is no. Blockchains have security measures in place to detect if a smart contract will be able to repay the debt in the same block transaction or not. If it detects a problem, the transaction will be reverted. Not only that but the failed transaction will still cost gas money, so someone triggering a smart contract that fails to execute will still lose the amount paid in gas fees to trigger the execution.

But borrowing a cryptocurrency like ETH and repaying it back only a few seconds later, if not less, isn't going to make anyone any money. The flash loan technique needs to be combined with some kind of trading strategy for it to be profitable. That's where arbitrage comes in.

Arbitrage is a trading strategy that involves monitoring the price of cryptocurrencies on many different exchanges and detecting small differences in price for a specific currency from one exchange to another. For example, ETH might sell for $2000 on one exchange but be priced $2005 on another. By buying for cheaper on the first exchange and selling for more on the second, it's possible to make good profits, especially when trading large amounts.

So the whole strategy and technique behind flash loan arbitrage is this: create a program that will monitor the price of many different crypto exchanges at once, and will then execute a smart contract call to borrow a large amount of a specific cryptocurrency selling at a lower price on one exchange, use that loan to sell it at a higher price on a second exchange, and repay the debt to the first exchange, all in one block transaction. What is then left in the smart contract's wallet are the profits from that transaction.

This is where scammers come in

So theoretically, by writing a program that monitors the prices on various exchanges and executes flash loans, someone would be able to generate high gains by profiting from these difference in prices. The premise is incredibly attractive but requires technical knowledge—the perfect recipe for scammers to develop a narrative to hook people.

There's been a surge of scammers on the internet who claim they have written such a program and are now giving the code for free. Most of them deploy their scam through YouTube videos with fake likes, fake subscribers, and fake comments. Entering the words "flash loan arbitrage bot" in the YouTube search bar gets back all kinds of videos. Only a few of them are legitimate educational videos, mostly directed to people learning how to code with Solidity, the programming language used for developing smart contracts.

Pro tip: a legitimate coding tutorial video will never execute code on the main chain and will always use a test chain network.

A vast majority of the videos you'll see are from scammers trying to lure you into copy/pasting the code they provide in the video description into an online development environment called Remix, and then executing it.

In their video, the scammer goes on to showing you every step of the operation they expect you to perform while giving you very few technical details on what's actually going on. They will say you need to pay the gas fees for the contract to execute and then you'll need to "fund" the contract by sending it some tokens, usually ETH or BNB.

Once these steps are done, the scammer shows how after only a minute, they've magically received 10x, 15x, or 20x the amount of crypto they initially started with. The video ends there, saying this procedure is risk-free and that it's possible to run this code many times per day for insane profits.

How do these scammers make money?

Here's the catch. Hidden into the code given by the "nice person" in the video is a wallet address. The code provided actually doesn't do anything, except transferring your funds, the ones you apparently needed to send to the contract address to execute the flash loan, to the scammer's wallet.

You can easily find the hidden wallet address if you know where to look. It's usually in an external file imported into the code you are copy/pasting. If you look closely, you'll find that external file either by following an IPFS link, or by following any external link imported into the file.

Here are a few examples of what you might see:
An example of malicious external file imported through a URL.Screenshot by author
Following the link found in the image above, we land on this file that contains a wallet address.Screenshot by author
Example using an IPFS link.Screenshot by author.
Following the above IPFS link takes us to this file, again containing a wallet address.Screenshot by author.

If you enter the address you found on BSCScan or EtherScan, you'll be able to see all the transactions made in and out of that wallet. Most scammers transfer the tokens out as soon as they come in but by following the transfers and wallet addresses, it's possible to see exactly how much they made by scamming people.
Example of such a wallet. You can clearly see all the transactions made by different people.Screenshot by author.
The scammer is immediately transferring funds to another wallet.Screenshot by the author.
And here's the amount contained in the wallet the scammer is transferring their funds to. Not too shabby.Screenshot by author.

Stay safe from online crypto scams

The world of crypto is still in its early beginnings and because of that, it's the wild, wild west. Scammers will go to crazy extents to take advantage of vulnerable people who are misinformed and fall for the promise of easy money. That's why the best way to protect ourselves from these scams is to learn as much as possible about different blockchains and crypto projects before deciding to make an investment.

Knowledge is power and always remember, if something seems too good to be true, or too easy to be real, it's probably a scam.

Comments / 0

Published by

I write. I code. I make music. Also, I'm passionate about crypto.


More from Mynah Marie

Comments / 0