INCIDENT REPORT: Discord Invite Link Exploit in GM Cronos and Crazzzy Monsters Giveaway
Exploit of shortened Discord invite links led to fake servers and wallet-draining bot
Incident Overview
On May 31st, 2024, a mutual giveaway between GM Cronos and Crazzzy Monsters was targeted by bad actors. The attackers exploited shortened Discord invite links, leading users to fraudulent Discord servers equipped with a fake Collab Land bot designed to drain users' wallets through deceptive verification requests.
Incident Summary
The exploit became possible when GM Cronos copy-pasted a Tweet from Crazzzy Monsters containing Discord invite links. The paste omitted part of each link, leaving it truncated ("broken"). Bad actors seized this opportunity by creating fake Discord servers with custom invite links that matched the truncated version, so that users following the broken link landed on a malicious server.
Once users entered these fake Discord servers, they encountered a fake Collab Land bot, which prompted them to connect their wallets for "verification." This was a ploy to drain wallets.
Timeline of Events (UTC+2)
May 31st, 2024: GM Cronos and Crazzzy Monsters published a giveaway Tweet containing Discord invite links. The links had been truncated when copied from a mobile device, so they appeared incomplete.
May 31st, 2024 (shortly after): Bad actors created fake Discord servers, taking advantage of the shortened invite link to lure users into their fraudulent Discords.
May 31st, 2024 (hours later): Users began joining the fake Discord servers, where they were asked to connect their wallets to a fake verification bot.
June 1st, 2024: GM Cronos was informed of the exploit, and the giveaway was immediately taken down from their X (formerly Twitter) profile.
Impact Assessment
While the exact number of users impacted is unclear, the fake servers remained active for several hours, allowing bad actors to potentially drain multiple wallets. The attack undermined trust in the giveaway and caused disruption within the community.
Root Cause Analysis
The root cause was the improper handling of Discord invite links when the original Tweet was copied and pasted on a mobile device. The truncated invite, missing key characters, allowed bad actors to create their own custom invite links that matched it and pointed to fraudulent servers. This mistake in link copying gave bad actors an opening to exploit unsuspecting users.
Resolution & Mitigation
The GM Cronos giveaway was swiftly removed from X after the exploit was identified.
A warning was issued to the community about the dangers of joining unofficial Discord servers and interacting with suspicious bots.
GM Cronos and Crazzzy Monsters ensured their official Discord links were correctly shared across all platforms to avoid further incidents.
Post-Incident Analysis
For Projects: Always verify the integrity of Discord invite links before sharing them on social media. When copying and pasting links, especially from mobile devices, ensure that the entire link is correctly displayed.
For Users: Before interacting with any Discord server, particularly those asking for wallet verification, ensure that the server is legitimate. Verify the server's authenticity by cross-referencing official links from trusted social profiles or websites.
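The two recommendations above (projects checking invite links before publishing, users cross-referencing a server against official links) amount to the same check: extract every Discord invite from a piece of text and compare its invite code against the set of codes the project has published. The script below is an added example written for this report, not code from GM Cronos, Crazzzy Monsters or Discord. It goes slightly beyond the incident by accepting the three invite URL forms Discord serves (discord.gg/<code>, discord.com/invite/<code>, discordapp.com/invite/<code>) and by flagging a code that is a strict prefix of an official code, which is exactly what a copy-paste truncation produces. The official invite codes and the sample post are constructed placeholders, not the projects' real links.

```python
import re
from urllib.parse import urlparse

# Hosts on which Discord serves invite links.
DISCORD_INVITE_HOSTS = {"discord.gg", "discord.com", "discordapp.com"}

# Constructed sample: the invite codes a project has published as official.
# Placeholders only, not the real GM Cronos / Crazzzy Monsters invite codes.
OFFICIAL_INVITE_CODES = {"gmcronosABC123", "crazzzyXYZ789"}

# Matches an http(s) URL up to whitespace or a closing delimiter.
INVITE_URL_RE = re.compile(r"""https?://[^\s)"'<>]+""")


def extract_invite_code(url):
    """Return the invite code from a Discord invite URL, or None if it is not one.

    Accepts discord.gg/<code>, discord.com/invite/<code>, discordapp.com/invite/<code>.
    """
    parsed = urlparse(url)
    host = parsed.netloc.lower()
    if host.startswith("www."):
        host = host[4:]
    if host not in DISCORD_INVITE_HOSTS:
        return None
    parts = [p for p in parsed.path.split("/") if p]
    if host == "discord.gg":
        return parts[0] if len(parts) == 1 else None
    if len(parts) == 2 and parts[0] == "invite":
        return parts[1]
    return None


def classify_invite(code, official_codes=OFFICIAL_INVITE_CODES):
    """Classify an invite code relative to the published official codes."""
    if code in official_codes:
        return "official"
    # A strict prefix of an official code is what a copy/paste truncation
    # produces; someone else may register a server behind that shorter code.
    if any(off.startswith(code) for off in official_codes):
        return "truncated"
    return "unknown"


def audit_post(text, official_codes=OFFICIAL_INVITE_CODES):
    """Find every Discord invite link in post text and classify it.

    Returns a list of (url, invite_code, status) tuples.
    """
    findings = []
    for url in INVITE_URL_RE.findall(text):
        url = url.rstrip(".,;:!?")  # trailing punctuation is not part of the link
        code = extract_invite_code(url)
        if code is None:
            continue
        findings.append((url, code, classify_invite(code, official_codes)))
    return findings


def safe_to_publish(text, official_codes=OFFICIAL_INVITE_CODES):
    """True only if the text contains invites and every one is an exact official code."""
    findings = audit_post(text, official_codes)
    return bool(findings) and all(status == "official" for _, _, status in findings)


# Constructed sample giveaway post: the first link is complete, the second lost
# its final characters when pasted.
SAMPLE_POST = (
    "Giveaway with our friends! Join both servers: "
    "https://discord.gg/gmcronosABC123 and https://discord.gg/crazzzyXYZ7"
)

if __name__ == "__main__":
    for url, code, status in audit_post(SAMPLE_POST):
        print(f"{status:9s} {code:16s} {url}")
    print("safe to publish:", safe_to_publish(SAMPLE_POST))
```

Run it before a post goes out and block publishing unless `safe_to_publish` returns True; the same `audit_post` function serves a user who pastes a suspicious link and the project's official codes to see whether the code is exact, truncated, or entirely unknown. Note that the check is an exact string comparison on the invite code: a code that merely looks similar to an official one is reported as unknown, which is the conservative outcome.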
Conclusion
This incident highlights the dangers of shortened invite links on social platforms and how easily they can be exploited by bad actors. Both projects and users should remain vigilant, especially when dealing with third-party verification bots that request wallet connections. Proper link management and awareness are key to avoiding such scams in the future.