paint-brush
MEVgate: How Twitter Collaborated With a Known Crypto Scammerby@twkaiser
600 reads
600 reads

MEVgate: How Twitter Collaborated With a Known Crypto Scammer

by Tobias W. KaiserSeptember 1st, 2022
Read on Terminal Reader
Read this story w/o Javascript

Too Long; Didn't Read

Scammer @nuri0x has been running a fake frontrunning bot scam for months without Twitter intervening. Twitter even accepted money from the scammer for paid advertisement and silenced the investigator who uncovered the scam.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail

Coin Mentioned

Mention Thumbnail
featured image - MEVgate: How Twitter Collaborated With a Known Crypto Scammer
Tobias W. Kaiser HackerNoon profile picture

In a prior HackerNoon story, I reported on one of the most elaborate type of crypto scams out there. Here's one scammer who disguised his scheme so cleverly that he fooled Twitter into not only letting him promote his scam for months, but also actively censored the investigator who called him out.


The scammer in question went by the handle @nuri0x on Twitter and claimed to be a former 1inch employee who has now founded the project MEVbots. The name of course suggests we have another instance of the frontrunning bot scam at hand that has been circulating for the past few months.


The scam itself is exactly the same. The Twitter channel of MEVbots has a Vimeo video pinned (since YouTube is too quick in deleting these videos by now), which tricks viewers to deploy and fund a smart contract that sends the funds directly to the scammer's wallet. What makes this case so scandalous is that nuri0x has apparently paid Twitter to promote his scam. This was screenshotted by me:


For those not versed in the German language, Twitter suggested me to follow the MEVbots channel and told me that this was a sponsored display. Of course, this makes the frontrunning bot scam a lot more effective. After all there are real frontrunning bots out there (selling for hundreds or thousands of dollars and making their owners fortunes), one might assume that Twitter carefully vets ad sponsors and filters out scammers.


Now even if this was a real frontrunning bot, allowing them to buy paid displays would be a major scandal on Twitter's behalf. While frontrunning in crypto is technically not illegal, these bots steal from honest DEX traders. But letting a confirmed scammer do this is something different entirely.


What further adds to the seeming trustworthiness of MEVbots is that its promoter nuri0x ran an ordinary account that perfectly looked like an honest, non-automated Web3 channel. MEVbots constantly tweets about successful sandwich attacks that were supposedly carried out by users of the frontrunning bot, alongside the on-chain transaction as "proof". In reality, these tweets were copied from the EigenPhi MEV Alert bot, which scans blockchains for sandwich attacks.


Also, him pretending to be a former 1inch employee makes him seem trustworthy. In reality, his account was either stolen from some other Web3 personality, or botted up to over 50,000 followers (lots of Web3 channels, especially NFT promoters do that these days). 1inch has since confirmed that someone with the handle nuri0x never worked there:


Yeah, they’re running a full scam on twitter and lying about previous employment. [We] reported both twitter handles hoping they’ll ban.


Their complaint at least seemed to have been somewhat successful at last. The account nuri0x has been banned now, but the MEVbots account is still active after an estimated two month of running its scam. Furthermore, the scam became public knowledge after the famous "on-chain sleuth" @zachxbt reported on this in July.

https://twitter.com/zachxbt/status/1549568222348836867

And what was Twitter's response? The starting post of Zachxbt's thread was partially hidden from view for some reason. His post still remained visible in his timeline, but was "unavailable" in quote tweets and did not appear in the Twitter search. Until lately.


It's not farfetched to assume that Twitter shadowbanned (or rather shadow-deleted) Zachxbt's post, to protect a paying customer. This likely made a dent in the post's reach. It is also not farfetched to assume that Twitter's algorithms took further measures to limit the reach. Compared to other threads Zachxbt posted around the same time, the one in question has a noticeably lower amount of RTs, likes, and comments.


Overall, I think that this was yet another burp by Twitter's shady algorithms, but one that did considerable damage. Zachxbt mentioned two victims that were scammed for a total of 44 ETH. With over month down the line, I estimate that nuri0x came away with well over 100,000 USD and his scam is still ongoing at the time of writing. Also, letting a scam run for almost six weeks after it became public and actively surpressing the dissemination of information warning about the scam, whilst taking money from the scammer for paid advertising, proves severe negligence on behalf of Twitter.