Two days after Ozzy Osbourne’s NFT collection was minted, supporters were being targeted by a phishing scam that drained cryptocurrency from their wallets, “playing off a bad link shared by the project’s official Twitter account,” reports The Verge. From the report: Like the majority of NFT projects, CryptoBatz uses Discord as a place to organize its community. The official CryptoBatz Discord is now accessed through the short link discord.gg/cryptobatz. But previously, the project used a slightly different vanity URL at discord.gg/cryptobatznft. When the project switched to the new URL, scammers set up a fake Discord server at the old one. But neither CryptoBatz nor Ozzy Osbourne took the precaution of deleting tweets referencing the previous URL, meaning that old tweets from Osbourne himself were left directing followers to a server now controlled by scammers.
One tweet from CryptoBatz, posted on December 31st, 2021, received more than 4,000 retweets and hundreds of replies. The tweet was only removed on January 21st after CryptoBatz was contacted by The Verge. On clicking the scam link, the invite panel for the fake Discord showed the total number of members as 1,330, an indication of the number of people who could potentially have been fooled by the scam. Inside the server, a bot spoofing community management service Collab Land asked users to verify their crypto assets to participate in the server — but directed users to a phishing site where they were prompted to connect their cryptocurrency wallets.
Tim Silman, a nonprofit employee, is one person who lost money through the scam. Silman estimates that around $300–400 in ETH was drained from his wallet after he visited the fake Discord server through a link posted on the CryptoBatz website. […] An Ethereum wallet address Silman indicated was linked to the scammers had received a series of incoming transactions totaling 14.6 ETH ($40,895) on January 20th and sent it onwards to a wallet containing more than $150,000. The project had been slow to remove the bad links, even when informed, Silman said. Even as the fake link remained present in a prominent tweet, the CryptoBatz project continued to hype the public token mint. As of January 21st, CryptoBatz NFTs were being resold on OpenSea for around 1.8 ETH ($5,046). Sutter Systems, developers of the CryptoBatz NFT, laid blame for the scam squarely with Discord. “In our opinion this situation and hundreds of others that have taken place across other projects in the NFT space could have easily been prevented if Discord just had a better response/support/fraud team in place to help big projects like ours.”
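The failure described above is an old invite link left in published posts after the project moved to a new one. As an added example (not from the report or the project), this sketch audits a set of posts for Discord invite links whose code is not on a list of currently owned codes; the sample posts, their ids, and the case-insensitive comparison of codes are assumptions.

```python
import re

# Hosts that serve Discord invites; the path segment after them is the code.
# The lookbehind keeps look-alike hosts such as "notdiscord.gg" from matching.
INVITE_RE = re.compile(
    r"(?<![\w.-])(?:https?://)?(?:www\.)?"
    r"(?:discord\.gg|discord(?:app)?\.com/invite)/"
    r"([A-Za-z0-9-]+)",
    re.IGNORECASE,
)


def find_stale_invites(posts, current_codes):
    """Return (post_id, invite_code) for every invite link in `posts` whose
    code is not in `current_codes`.

    Codes are compared whole, so 'cryptobatznft' is not accepted merely
    because it starts with the current code 'cryptobatz'.
    Assumption: codes are compared case-insensitively.
    """
    allowed = {code.lower() for code in current_codes}
    stale = []
    for post_id, text in posts:
        for match in INVITE_RE.finditer(text):
            code = match.group(1)
            if code.lower() not in allowed:
                stale.append((post_id, code))
    return stale


# Constructed sample posts (not real tweets); the ids are made up.
SAMPLE_POSTS = [
    ("post-1", "Join us at discord.gg/cryptobatznft before the mint!"),
    ("post-2", "New home: https://discord.gg/cryptobatz."),
    ("post-3", "Chat: https://discord.com/invite/CryptoBatzNFT, see you there"),
    ("post-4", "Mint is live, no links in this one."),
]

if __name__ == "__main__":
    for post_id, code in find_stale_invites(SAMPLE_POSTS, ["cryptobatz"]):
        print(f"{post_id}: remove or edit link to invite '{code}'")
```

Run against an export of everything the project has published (tweets, website pages, pinned messages) each time the invite link changes; any hit is a post to delete or edit.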