MEVgate: How Twitter Collaborated With a Known Crypto Scammer

In a previous HackerNoon story, I reported one of the more elaborate types of crypto scams around. Here’s a scammer who disguised his plan so cleverly that he fooled Twitter not only into promoting his scam for months, but also actively censored the investigator who called him off.

The scammer in question jumped at @ nuri0x on Twitter and claimed to be a former 1-inch employee who has now started the MEVbots project. The name, of course, suggests that we have another example of the cutting-edge bot scam on hand that has been circulating in the past few months.

The scam itself is exactly the same. MEVbots’ Twitter channel has a blocked Vimeo video (as YouTube is now too quick to delete these videos), which tricks viewers into implementing and funding a smart contract that sends funds directly to the scammer’s wallet. What makes this case so scandalous is that nuri0x apparently paid Twitter to promote his scam. This was screenshot from me:

For those unfamiliar with the German language, Twitter suggested I follow the MEVbots channel and told me it was a sponsored display. Of course, this makes cutting edge bot scamming much more effective. After all, there are real overhead bots out there (selling for hundreds or thousands of dollars and making fortunes for their owners), it could be assumed that Twitter carefully checks advertising sponsors and filters out scammers.

Now, even if this were a true cutting-edge bot, allowing them to buy paid displays would be a major scandal on Twitter’s behalf. While frontrunning in cryptocurrencies is not technically illegal, these robots steal from honest DEX traders. But letting a confirmed scammer do it is something entirely different.

What further adds to MEVbots’ apparent reliability is that its promoter nuri0x ran a regular account that looked perfectly like an honest, non-automated Web3 channel. MEVbots are constantly tweeting about successful sandwich attacks that would be carried out by the bot’s users in the lead, along with the on-chain transaction as “proof”. In fact, these tweets were copied by the EigenPhi MEV Alert bot, which scans blockchains for sandwich attacks.

Plus, pretending to be a 1-inch former employee makes him seem trustworthy. In reality, his account was stolen by another Web3 personality or he was transferred to over 50,000 followers (many Web3 channels, especially NFT promoters do this these days). 1inch has since confirmed that someone with the nuri0x handle has never worked there:

Yes, they are doing a complete Twitter scam and lying about a previous employment. [We] flagged both Twitter handles in hopes of being banned.

At least their denunciation seemed to have finally had some success. The nuri0x account has been banned now, but the MEVbots account is still active after about two months of running its scam. Furthermore, the scam became public knowledge after the famous “chain investigator” @zachxbt reported on it in July.

And what was Twitter’s response? The initial post of the Zachxbt thread was partially hidden from view for some reason. His post still remained visible in his timeline, but was “unavailable” in quotes tweets and did not appear in Twitter search. Until recently.

It’s not unlikely to assume that Twitter blacked out (or rather deleted) Zachxbt’s post, to protect a paying customer. This probably dented the reach of the post. Also, it’s not unlikely to assume that Twitter’s algorithms have taken further steps to limit reach. Compared to other threads posted by Zachxbt around the same time, the one in question has a significantly lower amount of RT, likes, and comments.

Overall, I think this was yet another burp of Twitter’s shady algorithms, but that it caused considerable damage. Zachxbt mentioned two victims who were scammed for a total of 44 ETH. With over a month, I estimate that nuri0x has come in well over 100,000 USD and its scam is still ongoing at the time of writing. Additionally, running a scam for nearly six weeks after it went public and actively suppressing the dissemination of information warning about the scam by withdrawing money from the scammer for paid advertising proves gross negligence on Twitter’s behalf.

. . . Comments & Moreover!

Leave a Comment