Ozzy Osbourne's NFT Project Shared a Scam Link, and Followers Lost Thousands of Dollars (theverge.com) 27
Two days after Ozzy Osbourne's NFT collection was minted, supporters were being targeted by a phishing scam that drained cryptocurrency from their wallets, "playing off a bad link shared by the project's official Twitter account," reports The Verge. From the report: Like the majority of NFT projects, CryptoBatz uses Discord as a place to organize its community. The official CryptoBatz Discord is now accessed through the short link discord.gg/cryptobatz. But previously, the project used a slightly different vanity URL at discord.gg/cryptobatznft. When the project switched to the new URL, scammers set up a fake Discord server at the old one. But neither CryptoBatz nor Ozzy Osbourne took the precaution of deleting tweets referencing the previous URL, meaning that old tweets from Osbourne himself were left directing followers to a server now controlled by scammers.
One tweet from CryptoBatz, posted on December 31st, 2021, received more than 4,000 retweets and hundreds of replies. The tweet was only removed on January 21st after CryptoBatz was contacted by The Verge. On clicking the scam link, the invite panel for the fake Discord showed the total number of members as 1,330, an indication of the number of people who could potentially have been fooled by the scam. Inside the server, a bot spoofing community management service Collab Land asked users to verify their crypto assets to participate in the server -- but directed users to a phishing site where they were prompted to connect their cryptocurrency wallets.
Tim Silman, a nonprofit employee, is one person who lost money through the scam. Silman estimates that around $300–400 in ETH was drained from his wallet after he visited the fake Discord server through a link posted on the CryptoBatz website. [...] An Ethereum wallet address Silman indicated was linked to the scammers had received a series of incoming transactions totaling 14.6 ETH ($40,895) on January 20th and sent it onwards to a wallet containing more than $150,000. The project had been slow to remove the bad links, even when informed, Silman said. Even as the fake link remained present in a prominent tweet, the CryptoBatz project continued to hype the public token mint. As of January 21st, CryptoBatz NFTs were being resold on OpenSea for around 1.8 ETH ($5,046). Sutter Systems, developers of the CryptoBatz NFT, laid blame for the scam squarely with Discord. "In our opinion this situation and hundreds of others that have taken place across other projects in the NFT space could have easily been prevented if Discord just had a better response/support/fraud team in place to help big projects like ours."
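An added example, not from the report or the project: a check a project could run over its own published posts and site pages after changing an invite URL, flagging every Discord invite link that is not a current one. The post IDs and texts are constructed sample data; only the two invite codes come from the report.

```python
import re

# Invite link forms: discord.gg/<code>, discord.com/invite/<code>, and the
# legacy discordapp.com/invite/<code>. The lookbehind rejects look-alike
# hosts such as "notdiscord.gg" or "evil.discord.gg".
INVITE_RE = re.compile(
    r"(?<![\w.-])(?:https?://)?(?:www\.)?"
    r"(?:discord\.gg|discord(?:app)?\.com/invite)/"
    r"([A-Za-z0-9-]+)",
    re.IGNORECASE,
)

# Constructed sample of published content (post id, text).
POSTS = [
    ("tweet-001", "Join the community: discord.gg/cryptobatznft"),
    ("tweet-002", "We moved! New server at https://discord.gg/cryptobatz."),
    ("site-footer", "Chat: https://discord.com/invite/cryptobatznft, docs at example.org"),
    ("tweet-003", "No links here, mint is live"),
]


def find_stale_invites(posts, current_codes):
    """Return (post_id, code) for each invite link whose code is not current.

    Codes are compared exactly (a conservative assumption): a case variant of
    a current code is reported for manual review rather than trusted.
    """
    findings = []
    for post_id, text in posts:
        for match in INVITE_RE.finditer(text):
            code = match.group(1)
            if code not in current_codes:
                findings.append((post_id, code))
    return findings


if __name__ == "__main__":
    for post_id, code in find_stale_invites(POSTS, {"cryptobatz"}):
        print(f"{post_id}: stale invite '{code}' - delete or edit this post")
```
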
a fool and their money (Score:5, Insightful)
Re: a fool and their money (Score:1)
Re: (Score:2)
This is just a whole other level of crazy.
Yes, they're going off the rails on a crazy train.
I would not have expected anything else... (Score:2)
... from an old pigeon eating rocker.
duh, but all I did was click (Score:1)
Re: (Score:2)
Re: (Score:2)
Yeah that's black. And no less, it was released on the sabbath.
Re: Enough! (Score:2)
Ready to invest? Nice Fucking Tulips
Got scammed? Not Fairly Taken
Lost your wallet or key? Now Find Them
Going on a trip? Never Forget Toothpaste
Cosmetic surgery paid with shit coin? Nip, Fold and Tuck
Money to burn? No Financial Target
Reusing Coronavirus dashboards (Score:2)
Maybe when the pandemic is done we can repurpose all the coronavirus dashboards and trackers to instead track crypto currency and NFT scams. Or is a system that tracks the spread of a virus through the entire global population not sufficiently large enough to manage them all?
Who's to blame here? (Score:2)
Re: Who's to blame here? (Score:1)
Re:Who's to blame here? - not Discord (Score:3)
Sorry (Score:4, Insightful)
The fact is that you can't assume competence by those you obtain services from. Why should they be competent? 'Nobody ever got fired by buying IBM', so the story goes, so it really doesn't matter to the IBMs of the world if they do a good job or not. They still get customers, still get advertisers, still get users. It's why Microsoft can sell OS' that have security holes by the thousands to government agencies, banks and high-end corporations. They don't need to do a good job, it simply won't impact the bottom line. It never has, it never will, no matter how much money people lose.
Same reason one corp I worked for got a line leasing agreement from MCI, MCI violated the terms and the corporation simply let it slide - because contract terms don't mean a damn thing and both sides knew that going in. It would cost the corporation too much money to find an alternative, too much time to switch over, and too much prestige to admit failure. So MCI didn't have to honour anything and they'd still get their money. Even if the corp did eventually switch, one deal amongst millions is peanuts and no new customer would be deterred just as the corp wasn't by MCI's already uncertain reputation at that time.
The rule of business, though, is not about doing the right thing, it's about not getting the blame. Outsourcing is about blaming others for your mistakes and incompetence. Always has been. That's why nobody ever got fired for buying IBM. Has nothing to do with IBM being any good, it has to do with IBM being someone management could blame when things go south, thus protecting management for not taking anything seriously.
No, this is all common knowledge. Ozzy's tech crew knew they should have secured things, that they should never trust an organization with nothing to lose to always do the right thing, but by having Discord do all the dirty work, Ozzy's techs could rest easy in the knowledge that when something went wrong (and that's inevitable), then it's somebody else's problem, not theirs. And that's how this game has always been played.
Which is why so much goes wrong in technology. If nobody takes responsibility, then nobody has to ensure the right thing is ever done and nobody has to fix the problems when the wrong thing is done.
It's also one reason corporate IT managers don't do anything about security. If they did and the company gets hacked, then it's their fault. But if security has been outsourced to someone else, then it's somebody else's problem.
(Another being that IT is always listed as an expense, and competence is a much higher expense in the short term that beancounters are concerned with than incompetence. That it's cheaper in the long term, because the risks are lower, doesn't matter because high expenses now hit profit margins and dent share prices. And as it's a continuous drain, will continue to hit profit margins and share prices. A major scandal that may last a week or two at most, even if it's ten times the size, only dents profit margins and share prices for those couple of weeks.)
It's why the NHS got stiffed for a fortune over Heartbleed, even though the systems that were compromised should never have been on the public Internet to begin with. It's why there are hydroelectric dams with SCADA gear also on the public Internet. It's why almost the entire corporate IT sector is a mess, with a few exceptions. And it is only a few. Doing things right is rare, but doing things wrong is cheap and if the dice keep rolling in your favour until you're promoted, you get a nice bonus for doing a crappy job that costs the bosses less and you don't have to worry about the next guy complaining because the bosses will argue that the last guy (who they now play golf with) did the same job (as far as they're concerned) for less.
Because this is the standard mode of operation pretty much everywhere, if Ozzy wanted to hire someone then these are the sort of people who would be applying. The sort of people with the most experience, because good guys don't last in a toxic envir
Re: (Score:2)
that only happens when it's the lawmakers themselves who get fleeced. And I doubt many are Ozzy fans.
Really, why not? Right age, largely.
While I think it's insane to trust money to an Ozzy tweet, I do have to say I'm impressed by his ability to stay relevant. He rode the reality TV wave when it was a wave, and now he's riding the NFT wave apparently. Is there anything the man can't do?? ;)
Re: (Score:2)
I'll agree that Ozzy is staying relevant, which is definitely impressive.
I can't believe it (Score:2)
All aboard! (Score:2)
Hahahaha....
into the void (Score:2)
https://www.youtube.com/watch?... [youtube.com]
It's crims all the way down (Score:1)
Shocking! (Score:3)
I mean, if you can't trust vast amounts of imaginary money to an Ozzy Osbourne tweet, what can you trust it to?!?
What is this world coming to??
NFT and scam in the same sentence? (Score:1)
who's to blame? (Score:2)
So let me get this right: if you replace Discord with a physical house, it goes like this:
They had a house they got mail at.
They moved houses.
They started getting mail at the new house.
They had old posts still referencing the old house's address.
They didn't set up mail forwarding from the old address.
Someone moved into the old house and kept the mail, doing bad things with it.
Sounds less like hacking and more like bad, chaotic business practices just asking for trouble.