Here’s how an outdated URL duped thousands of dollars out of CryptoBatz NFT subscribers

Days after CryptoBatz, pop culture icon Ozzy Osbourne’s collection of non-fungible tokens (NFTs), went live, people complained about a potential phishing link shared by the artist that drains their crypto wallets. “CryptoBatz” is a series of 9,666 digital bats that went on sale on January 20.

According to The Verge, Osborne supporters took to Twitter and complained about a phishing scam draining cryptocurrency from their wallets, after clicking on a link shared by the project’s official Twitter account. Here is what happened.

Like most NFT projects, Osbourne’s NFT Collection was announced on the Discord NFT Marketplace on December 31, 2021 – which garnered over 4,000 retweets and hundreds of responses. The link took users to a landing page that featured all of the digital assets offered by the heavy metal artist.

However, the NFT project recently changed its URL which redirected interested buyers to the purchase page. Cybercriminals took advantage of this URL change and created a fake Discord server on the old URL. So when subscribers clicked on the fraudulent link, they were redirected to a fake Discord panel and asked to verify their crypto assets, prompting them to connect their cryptocurrency wallets.

The fake link shows that at least 1,330 people have visited the fake NFT project. An Ethereum wallet address linked to the scammers had received a series of incoming transactions totaling 14.6 ETH ($40,895) on January 20, according to The Verge.

At the time of writing, the malicious link is unavailable and appears to be removed.

Just a few weeks ago, New York-based NFT collector Todd Kramer said his collection of sixteen Bored Ape Yacht Club (BAYC) NFTs worth $2.28 million (Rs 16.94 crore approximately) had been “hacked”. NFT owner Todd Kramer said the OpenSea NFT market has “frozen” assets for him, including one Clonex, seven Mutant Ape Yacht Club and eight BAYC NFTs currently valued at around 615 Ether.

Recounting his ordeal, he tweeted that he clicked on a link that appeared to be a genuine NFT (decentralized application) unapp. But it turned out to be a phishing attack resulting in the theft of 16 of his NFTs. “I was hacked,” he wrote. “All my monkeys are gone.”

Comments are closed.