A Github.io hosted Ethereum Exploit robbing people, 2 victims lost $30,000 in crypto.

A YouTube scammer named John running a successful Github.io Hosted Ethereum Exploit on his YouTube channel “Web3 Solidity Tutorials” with 26.7 thousand Subscribers is running a mega Crypto scam and roaming free.

[*Updated 29/7/2022: He is back with a new Channel, “Web3Acadamy“. [Scam Video Link New]

His Scam video that was uploaded on the 12th of June 2022 with the lucrative title, “How to make $1000/DAY on UniSwap?already has over 108,078 views.

In his video, he instructs his viewers on how to use GitHub.io hosted Remix IDE v0.21.4 running a Solidity Compiler [File: Bot.Sol] by adding his own custom code to create a new contract.

He already has 8,300 likes on his video. What about Dislikes? Well, YouTube doesn’t want us to know about the number of dislikes. But opening his video on “YouTube Vanced” you can see 13,000 people disliked his comments.

But what about comments by those who got scammed? Well, YouTube again allows creators to conveniently delete ‘victims’ comments without leaving a mark.

This YouTube scammer has ripped off people. One Lost 15 ETH, which almost equals $ 24,000, while the other got scammed 2.5 ETH i.e $4,000

How does this GitHub.io Hosted Ethereum Exploit work?

The mega Ethereum Scammer makes a video with apparently his own clear voice instructing his followers about creating a new contract on the Ethereum blockchain.

He describes it as super smooth and even a non-Crypto literate or even a non-techie person can follow his steps.

During his lucrative lecture, he instructs his viewers to create a new contract Bot.Sol on Solidity Compiler running on Remix IDE hosted on GitHub.io. [Linked: Compiler v0.6.6+commit.6c089d2]

He asks his viewers to copy-paste a script that he shares on textbin into a newly created Bot.sol file and then runs the compiler.

Github.io Hosted Solidity Ethereum Exploit

Since many of his victims can’t understand the code. They simply fell into his claims of earning some extra $ETH (Ethereum coins).

After creating the new contract using the Solidity Compiler at Github, The innocent victims connect their MetaMask Wallets to the newly created contract. This is when the real scam starts.

Scammers YouTube Channel
Scammers’ YouTube Channel screenshot

You can check the timeline of events below:

The victim lost 2.5 $ETH, $4,000 in a Jiff

Here is the whole YouTube Scam Time Line with proof of transactions from Etherscan.io.

The Whole YouTube Ethereum Scam TimeLine:

According to the victim, He saw a tweet under a famous Crypto Influencer “DreadBong0” by a newly created Twitter profile “Dab.quirk” with the handle: @silp_nac.

Scammers Tweet: 

The victim clicked on the scammer’s video and started watching it. While watching the video, without double checking he started following the instructions.

He created a new contract just as it was guided in the video by adding the Scammers contract. Later he simply connected his MetaMask to that contract and send some and launched the contract.

Ethereum Scam Video
Scammers Video with over 108,000 views

His video description:

Uniswap is a cryptocurrency exchange which uses a decentralized network protocol. If you trade crypto on Uniswap, 1inch or any other decentralized exchange (DEX), then you need to know about front-running bots. In this video, we see a front running bot, performing buy/sell actions without having to go through the typical transactional methods. You can PM me here: 

The Etherscan Transactions Proof:

  • The victim sends $15 worth of $ETH (Proof) to the new contract to check if it works.
  • But since the scammer claimed that you have to send bigger amounts for this trick to work
  • The victim immediately sends 2.5 ETH (Proof) worth $4,000 to this new contract.
  • Once he sent the money to the new contract. The script runs and emptied the newly added contract and the money is shifted to this Suspected Wallet, which is an Ethermine miner pool address.
scammed 2.5 Eth
2.5 ETH scammed, Proof of all transactions.

The second Victim was exploited with 15 ETH ($24,000):

The 2nd Victim who lost 15 ETH i.e $24,000 to this YouTuber Ethereum Exploit didn’t provide us with the most needed transactional proof.

So we can’t post his/her details at the moment.

Scammer Info we gathered So Far:

YouTube Channel: Web3 Solidity Tutorials

YouTube Video: Link

Scammers Email: info@web3bayc.com

Location: United Kingdom

Telegram account: https://t.me/web3bayc

His Reddit: Crytoloover [Posted it here]

His Fake Crypto News Site: Posted here multiple times.

Suspected Wallet Link: Etherscan

UPDATE (28 July 2022)

His old channel has been removed from YouTube.

His New Contact info is here:

Channel: Web3Academy

Video: https://youtu.be/nIma21lpPCY

His ID:

Telegram: https://t.me/MaxWeb3Academy

Country: Pakistan

Scammer Email
Scammers’ YouTube Channel and Email Account info

When the victims reach authorities at MetaMask help:

The recent collaboration between MetaMask and Asset Reality to help crypto scam victims also seems useless here.

The victim contacted the MetaMask Help Desk by Submitting the ticket. He was asked to provide all the information including:

  • His MetaMask Wallet Address
  • Transactions happened via his Wallet
  • The Transactions details with the scammer.

After a long and detailed form-filling session, by providing all the Transaction details the authorities at Asset Reality came up with this email below:

The recovery process consists of two steps.

  1. Forensic Analysis of your loss is conducted, and an Expert Witness Report is prepared. This step is conducted by cybersecurity-trained Criminal Investigators, who determine i) if you are a victim of crime ii) where your digital assets have gone to and iii) if they are recoverable.
  2. Lawyers will prepare legal paperwork to freeze and seize back you’re lost/stolen digital assets. The Courts rely on the Expert Witness Report when they grant the Freezing Order.

You need to be aware of the costs.

The Forensic Analysis takes between 1 and 3 days to complete, and costs in the region of between US$ 2,000 and US$ 5,000 depending on the complexity. The legal process can cost between US$ 50,000 and US$75,000 depending on the lawyers you engage, their competence and familiarity with crypto, and the jurisdiction you are in.

In our experience, the total costs of recovery can be in the range of US$50,000 to US$75,000 or more.

What does this mean for you?

If you have lost

  • Less than US$75,000. It probably doesn’t make sense for you to pay to recover your crypto. Even if you recover your crypto you will likely be out of pocket.
  • More than US$75,000. It might make sense to pay to recover your crypto. As a next step, we would recommend engaging an appropriate Criminal Investigator who will write an Expert Witness Report. You can then determine if you’d like to proceed with the recovery process.

What are your options if….

You cannot afford to pay for the report or legal costs.

If you have lost less than US$75,000. 

Unfortunately, there is very little you can do. We (Asset Reality) will be looking to see if you are part of a bigger fraud and if you are, and there is a clear route to recovery, we may be able to get litigation funding to pay for the cost of the reports legal costs. If this is the case we will reach out to you separately.

If you have lost more than US$75,000. 

Depending on the amount lost, and a clear route to recovery, it is more likely (but not guaranteed) that a litigation funder will take on your case.

In both cases above, Asset Reality will coordinate with you.

You can afford to pay for the report and legal costs.

We would recommend that you consider commissioning an Expert Witness Report, and then decide if you want to pursue the legal route either paying for it yourself or obtaining funding.

We Need Your HELP! Share this on all Platforms

We have already reported the official authorities, but it seems like it will take time to get any conclusive results.

Here your help matters a lot. You can either trace these transactions and eventually reach the scammer.

Or simply share this post on all Social media platforms to force YouTube or GitHub to remove his malicious content from their platforms.

This will reduce the chance of new victims falling for this lucrative scam. You can also compensate the victim, by sending him any amount to his Wallet.

Compensating the Victim:

If you want to help the victim who lost $4,000 (2.5 ETH). You can send some $ETH to his wallet:

Address: 0x9cE45D94c2a20D62f8239B1BdfEdef8bcd30D215

or simply scan this image:

You can help with 0.001 ETH or 0.01 or even 1 ETH. That would be a great favor. The victim is determined to spend some of the money donated here to shout out about all other victims online.

Scammed Victims Wallet Address

Sharing is caring. So please share this post on all social media platforms.

Here is the victim’s profile on Twitter and his thread:

Be the first to comment

Leave a Reply

counter for wordpress