The Ozzy Osbourne NFT collection ‘CryptoBatz’ is off to a bad start after scammers hijacked previously shared links.
The NFT collection is a series of 9,666 digital bats with a unique mutation feature. Digital Music News covered the collection in more detail when it was announced. But just two days after the tokens were minted, CryptoBatz fans were targeted by a phishing scam assisted by tweets from the actual project. Confused? Allow me to clarify it for you – here’s how the CryptoBatz phishing scam went down.
The CryptoBatz project uses Discord (a chat program similar to Slack, popular with gamers) to organize its community. The official CryptoBatz Discord link can be found at discord.gg/cryptobatz. But the first vanity URL the project used was slightly different – discord.gg/cryptobatznft. So when the CryptoBatz project swapped vanity URLs, scammers snapped up the old one and pointed it at a scam Discord server.
The scam server was set up to look just like the official CryptoBatz server, even mimicking its verification process.
Ozzy Osbourne himself even tweeted using the old vanity URL. One tweet from the official CryptoBatz account with the now-scam URL received 4,000 retweets. It was only removed on January 21st after The Verge contacted the owners and pointed out the tweet.
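Links like these can be caught by auditing a project's own published posts against the invite codes it currently controls. The following is an added example, not code from the article or the CryptoBatz project; the function names, the sample posts and the case-insensitive comparison of vanity codes are assumptions.

```python
import re

# Matches the invite URL forms discord.gg/<code> and discord.com/invite/<code>.
INVITE_RE = re.compile(
    r"(?:https?://)?(?:www\.)?(?:discord\.gg|discord(?:app)?\.com/invite)/([A-Za-z0-9-]+)",
    re.IGNORECASE,
)

def extract_invite_codes(text):
    """Return every invite code found in text, lowercased, in order of appearance."""
    # Assumption: vanity codes are compared case-insensitively.
    return [m.group(1).lower() for m in INVITE_RE.finditer(text)]

def audit_posts(posts, current_codes):
    """Return (post_id, code) pairs for links whose code the project no longer controls.

    The comparison is on the whole code, never a prefix or substring:
    'cryptobatznft' starts with 'cryptobatz', so a startswith() or `in`
    check against the current code would wrongly accept the abandoned link.
    """
    owned = {c.lower() for c in current_codes}
    findings = []
    for post_id, text in posts:
        for code in extract_invite_codes(text):
            if code not in owned:
                findings.append((post_id, code))
    return findings

# Constructed sample posts (not real tweets); the two vanity codes come from the article.
SAMPLE_POSTS = [
    ("post-1", "Join the community: discord.gg/cryptobatznft"),
    ("post-2", "New link! https://discord.gg/cryptobatz"),
    ("post-3", "Mint is live, chat at https://discord.com/invite/CryptoBatzNFT."),
    ("post-4", "No links here, just bats."),
]

if __name__ == "__main__":
    for post_id, code in audit_posts(SAMPLE_POSTS, ["cryptobatz"]):
        print(f"{post_id}: stale invite code '{code}', delete or correct this post")
```

Running the audit before giving up a vanity URL shows which published posts still point at the old code and need to be deleted or corrected.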
The scam server had around 1,500 people in it at the time of writing. A cursory search of Twitter for ‘cryptobatz scam’ returns several users who were impacted by the scam server.
Once inside, a bot asks users to verify their crypto assets by directing them to a phishing website that prompts users to enter their seed phrase for their crypto-wallet. That’s a big no-no in the world of crypto – imagine a robber politely asking for a copy of your keys to rob you at his convenience.
The Verge identified an Ethereum wallet tied to the scam, as reported by an actual victim. As of the time of writing, the wallet shows incoming transactions totaling more than 28 ETH, or about $69,000. The CryptoBatz NFTs themselves are being resold on the OpenSea NFT marketplace for around 1.8 ETH ($5,046). Organizers say the fault for the scam lies with Discord, rather than themselves.
“We cannot take responsibility for the actions of scammers exploiting Discord – a platform that we have absolutely no control over,” Sutter Systems Co-Founder Jepeggi says.
Discord says it is aware of the scamming incident and is investigating. “Our team takes action when we become aware of attacks like this one, including banning and shutting down servers,” says Peter Day, Senior Manager for Corporate Communications.