Discord scammers go CryptoBatz phishing

Discord scammers go CryptoBatz phishing

It’s not been a great couple of weeks for people looking to get in on NFTs. Missing apes, rug-pulls, it’s all go in non-fungible token land. The latest mishap has come to light, in the shape of bad planning and the slowly shifting impermanence of link ownership.

Rockstar Ozzy Osbourne announced “CryptoBatz” just a week or so ago. Whoever put the marketing campaign together deserves some sliver of credit for self-consciously poking fun at aspects of NFT culture in the promo video.

“He started thinking, started working…locked away in his library for weeks working on something big. He teamed up with a company called Sutter Systems. Their mission was to create an NFT project that wasn’t another celebrity rug pull.”

Well, they didn’t end up with a rug pull but they did end up with an accidental phish-ball rolling unstoppably downhill. But how?

Minting some Batz

Close to 10,000 digital NFT bats were supposed to be put up for grabs on an NFT marketplace. The bats reference a rather infamous moment in Osbourne’s career, and allow the owner to “breed” them with NFT images from other collections. A bit like Pokemon on the blockchain, perhaps.

As with any NFT project looking to gain leeway with the general public, it has a Discord server. There’s a good chance pretty much any digital project has a similar setup, and this is nothing unusual. However, things started to go wrong in a hurry – and it’s all down to the CryptoBatz Discord.

Discord in Discord Land

Not long after the bats went on sale, people started to complain about phishing links from official sources. Could it be true? Had this somehow turned into an incredibly bizarre rug-pull? The answer is no. It was something much more mundane.

The CryptoBatz project had, at some point, changed at least one of the URLs it was working with. They switched out the old Discord vanity URL for a new one, but didn’t delete old tweets containing the now outdated URL. Can you guess what the scammers did?

As per the above tweet, the scammers set up a new Discord server using the old CryptoBatz vanity URL. As potential victims naturally came across tweets with the old link in it, they were then directed to the (bogus) Discord server.

From there, it’s a short step to having their cryptocurrency wallets connected to things they shouldn’t be. End result: drained wallets, lost funds, CryptoBatz everywhere.

The financial impact of a cryptocurrency phish

According to this Verge article, the scammers made off with quite a bit of bank. Transactions to the tune of around $40,000 were sent to a digital wallet containing “more than $150,000”. The team behind the project claim they’re not responsible for “scammers exploiting Discord”, though it’s hard to argue against them having simply deleted outdated links in the first place. No links, no scam able to take place.

All the same: the back and forth doesn’t really help the victims. Even a project fronted by known entities can easily wander into a bad NFT situation, an area of digital business where it’s all a bit Wild West by default.

I suppose we must now add “Always check the most up-to-date link on any social feed related to NFT sales” to the growing list of tips to avoid gracing your digital wallet with an Electric Funeral.


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.