This paper presents the first comprehensive analysis of an emerging cryptocurrency scam named "arbitrage bot" disseminated on online social networks. The scam revolves around Decentralized Exchanges (DEX) arbitrage and aims to lure victims into executing a so-called "bot contract" to steal funds from them. To collect the scam at a large scale, we developed a fully automated scam detection system named CryptoScamHunter, which continuously collects YouTube videos and automatically detects scams. Meanwhile, CryptoScamHunter can download the source code of the bot contract from the provided links and extract the associated scam cryptocurrency address. Through deploying CryptoScamHunter from Jun. 2022 to Jun. 2023, we have detected 10,442 arbitrage bot scam videos published from thousands of YouTube accounts. Our analysis reveals that different strategies have been utilized in spreading the scam, including crafting popular accounts, registering spam accounts, and using obfuscation tricks to hide the real scam address in the bot contracts. Moreover, from the scam videos we have collected over 800 malicious bot contracts with source code and extracted 354 scam addresses. By further expanding the scam addresses with a similar contract matching technique, we have obtained a total of 1,697 scam addresses. Through tracing the transactions of all scam addresses on the Ethereum mainnet and Binance Smart Chain, we reveal that over 25,000 victims have fallen prey to this scam, resulting in a financial loss of up to 15 million USD. Overall, our work sheds light on the dissemination tactics and censorship evasion strategies adopted in the arbitrage bot scam, as well as on the scale and impact of such a scam on online social networks and blockchain platforms, emphasizing the urgent need for effective detection and prevention mechanisms against such fraudulent activity.

翻译：本文首次全面分析了新兴的加密货币骗局——"套利机器人"——在在线社交网络上的传播。该骗局围绕去中心化交易所（DEX）套利展开，旨在诱骗受害者执行所谓的"机器人合约"，从而窃取其资金。为大规模收集此类骗局，我们开发了全自动骗局检测系统CryptoScamHunter，该系统持续收集YouTube视频并自动检测骗局。同时，CryptoScamHunter可从提供的链接下载机器人合约源代码，并提取相关的骗局加密货币地址。通过从2022年6月至2023年6月部署CryptoScamHunter，我们检测到来自数千个YouTube账户发布的10,442个套利机器人骗局视频。分析表明，骗局传播中采用了多种策略，包括伪造热门账户、注册垃圾账户，以及使用混淆技巧隐藏机器人合约中的真实骗局地址。此外，我们从骗局视频中收集了超过800个带有源代码的恶意机器人合约，并提取了354个骗局地址。通过采用类似合约匹配技术进一步扩展骗局地址，我们共获得1,697个骗局地址。通过追踪以太坊主网和币安智能链上所有骗局地址的交易，我们发现超过25,000名受害者落入此骗局，导致高达1500万美元的财务损失。总体而言，本研究揭示了套利机器人骗局的传播策略及规避审查方法，以及此类骗局在在线社交网络和区块链平台上的规模及影响，强调了针对这类欺诈活动迫切需要有效的检测与防范机制。