We have recently received numerous complaints regarding a significant cryptocurrency scam involving MevBotPro, an arbitrage bot at remixbotcompile.pro, that deceives users into believing they are investing in a legitimate trading system. Instead, the funds are funneled into a contract wallet and subsequently moved to another wallet, leaving investors with nothing.

The scam in question has been reported to involve multiple transactions, with victims sending substantial amounts of cryptocurrency. In one such instance, a total of 1.038971353227012906 ETH was taken from a victim. The transactions showed deposits of 0.541 ETH and 0.469999 ETH into the scam’s receiving address.

The final resting place wallet used by the scammers is identified as 0xfc91697C3704956967622CA815d4B05BE113aa74. The scammers operate under the name MevBotPro and have a scam website URL:

https://remixbotcompile.pro/#version=soljson-v0.6.6+commit.6c089d02.js&lang=en&optimize=false&runs=200&evmVersion=null

We encourage anyone who has fallen victim to this scam to share their stories and help us gather more evidence to combat this fraudulent activity.

Receiving Address Analysis: 0xfc91697C3704956967622CA815d4B05BE113aa74

The receiving address, 0xfc91697C3704956967622CA815d4B05BE113aa74, is crucial in understanding the scam’s mechanics. This Ethereum address has been associated with multiple transactions, receiving 6.830870209639172831 ETH, equivalent to approximately $23,343.95. Subsequently, the address has sent out nearly the same amount, totaling 6.830593868491250831 ETH, valued at $23,343.01, indicating that it has been actively used to circulate funds. The current balance of the address stands at 0.00 ETH.

A closer look at the transaction history reveals that the address has been involved in 29 internal transactions, which further highlights its use in complex fund movements typical of fraudulent schemes. Notably, substantial amounts of ETH were moved into the address from various sources, including significant deposits such as 6.53805902 ETH ($22,343.29) and 1.00000000 ETH ($3,417.42), among others. These large transfers, followed by rapid movement of nearly equivalent amounts out of the address, suggest an intent to obscure the flow of funds, a common tactic scammers use to evade detection.

The alignment between the complaint and the activity associated with this address is evident. The complaint specified a total loss of 1.038971353227012906 ETH, broken into individual deposits of 0.541 ETH and 0.469999 ETH, which can be traced back to this address. This consistency corroborates the victim’s account and substantiates the claim that this address is integral to the scam.

Analyzing the transaction details and patterns associated with 0xfc91697C3704956967622CA815d4B05BE113aa74 provides a clearer picture of how the scam operates. The rapid turnover of funds and the lack of a remaining balance reinforce the suspicion that this address is being used as a temporary holding point before transferring the stolen funds to another location, further complicating recovery efforts.

Domain Analysis

Registered on June 20, 2024, with Registrar of Domain Names REG.RU LLC, remixbotcompile.pro is relatively new, established just over a month ago. The domain’s recent creation date is a significant indicator to be cautious about, as scam websites frequently use newly registered domains to operate before being detected and shut down.

The WHOIS data for remixbotcompile.pro is largely redacted for privacy. The registrant is listed as a private person based in Jeknunidri, Russia. Using privacy protection services to obscure key details about the domain owner can be a red flag, especially when combined with other suspicious elements. Legitimate businesses usually have no need to hide such information unless they have something to conceal.

Further examination reveals that the domain is hosted by Ddos-guard LTD, a hosting provider known for offering protection against Distributed Denial of Service (DDoS) attacks. While DDoS protection is a legitimate service, Ddos-guard LTD has been noted for hosting websites that engage in dubious activities, given their lenient policies towards the content hosted on their servers. The IP address for the domain is located in Rostov-on-Don, Russia, which is known to be a high-risk area for online fraud and scams.

The domain’s SEO and traffic metrics, as provided by Semrush, show minimal activity. Remixbotcompile.pro has zero organic search traffic and does not rank for any keywords, indicating it has little to no presence on the web. This lack of visibility is another red flag, as legitimate businesses strive to optimize their web presence to attract customers. Furthermore, the domain has only two backlinks from external sites. One of the backlinks comes from a site providing SEO services, uplinke-seo-services.sa.com, which has no established credibility. The other backlink originates from tpvinh.vn, a site that does not appear to have a significant reputation either.

Remixbotcompile.pro Review

The website remixbotcompile.pro purports to be an integrated development environment (IDE) for Ethereum, offering a suite of tools for coding, debugging, and deploying smart contracts. Upon visiting the site, users are greeted with a sophisticated interface typical of legitimate development platforms. The platform prominently features file management systems, project templates, and plugins, encouraging users to engage with its community through surveys and beta testing.

The primary focus of remixbotcompile.pro is to facilitate Ethereum-based development, providing resources like Solidity coding, transaction monitoring, and integration with GitHub and IPFS. The site also offers various themes and language settings, indicating a well-rounded user experience tailored to developers’ needs.

However, a critical look at the domain and its operational details raises significant concerns. The domain was registered only recently, on June 20, 2024, and is hosted by Ddos-guard LTD, a company known for its lenient hosting policies that often attract malicious entities. The use of privacy protection services to obscure registrant information further compounds these concerns, as it is a common tactic used by fraudulent websites to evade detection and accountability.

The platform’s interface is professional-looking, with features and tools that seem tailored for Ethereum development. However, this polished appearance can be deceptive, as scammers often invest in creating visually convincing websites to lure in victims.

Remixbotcompile.pro Reviews

An in-depth Google search for information about remixbotcompile.pro reveals substantial evidence suggesting that the website is involved in phishing and fraudulent activities. Notably, the domain has been flagged as a phishing site on various platforms and by several users in the online community.

One of the most compelling pieces of evidence comes from a Twitter post by the user @CarlyGriggs13, known as PHISH DESTROY. She issued a clear warning about remixbotcompile.pro, labeling it a “#phishing ALERT” and urging users to be cautious. Her post, dated July 16, 2024, includes a link to a URLScan report, which provides further details on the suspicious nature of the site. The URLScan report linked by @CarlyGriggs13 confirms the phishing nature of the domain, showcasing its involvement in fraudulent activities related to digital assets and cryptocurrency.

Moreover, additional reports from urlquery.net highlight the domain’s suspicious activities. According to these reports, remixbotcompile.pro has been associated with multiple phishing attempts, as evidenced by its presence in its database of flagged URLs. These reports consistently identify the domain’s IP address as 188.114.97.1, correlating it with other known phishing sites, thus reinforcing the claim of fraudulent behavior.

Several mentions of remixbotcompile.pro across different scam alert platforms, including urlquery and similar reporting sites, underline the consensus within the cybersecurity community about the domain’s malicious intent. The domain’s association with phishing attacks targeting digital assets and crypto-related activities is a significant red flag, especially for users engaged in these fields.

The detailed URLScan report linked by PHISH DESTROY provides a comprehensive overview of the domain’s activities, including its technical footprint and connections to other known malicious sites. The report offers a deep dive into the domain’s operational patterns, confirming its involvement in phishing schemes aimed at defrauding users of their digital assets.

Bottom Line

In our investigation of remixbotcompile.pro, several concerning patterns have emerged that strongly suggest this site is not what it purports to be. The combination of recent domain registration, obscured ownership details, and association with a high-risk hosting provider sets off numerous alarm bells. While the website’s interface is sophisticated and tailored to appeal to developers, this polished exterior should not be mistaken for credibility.

The overwhelming evidence from scam detection experts and the absence of positive user feedback further solidify the impression that remixbotcompile.pro is likely a scam. Reports of phishing activities associated with the site, highlighted by trusted voices in the cybersecurity community, cannot be ignored. The website’s reliance on these deceptive practices to lure in unsuspecting users under the guise of providing valuable development tools is particularly troubling.

Ultimately, the risks associated with engaging with remixbotcompile.pro far outweigh any potential benefits. The site’s sophisticated appearance may mask its fraudulent intentions, but the underlying red flags are too significant to overlook.