The Discord Scam I Wish More People Knew About
By: Chibi.
Greetings fellow web3 companions. As you may or may not know, I’m all about community. The fun of community. The spirit, the vibes of it. Honestly, anything online community-related.
While my previous articles have focused on the cozy feeling communities bring me, I felt a moral obligation to write about something less cozy today (sadly). Because this issue has been happening for years. And sometimes community can't be all about the fun, you know. Sometimes it’s about protecting it too.
So stay with me while I share a fairly common scam I keep seeing in the crypto space, the process I use to recognize it, and hopefully help you spot the red flags before falling for it.
So Basically…
Every now and then someone joins our Collab.Land server and asks something like:
“Is this domain legit?”collab.dex-land.com
collab.pool-land.com
Or:
“I’m trying to verify in a project’s Discord and it’s asking me to sign something and pay a fee. Is that normal?”
My first response is usually:
“Where did you find the invitation to that server? That’s not us.”
And they’re usually very confused.
Why?
Because they believe they joined the official server. The invite link came from the project’s official website or Twitter. Everything looks legitimate.
And that’s exactly why this works.
For Context
Collab.Land verification is read-only.
We do NOT:
- Ask you to pay to verify
- Charge gas fees for access
- Ask you to approve token transfers
- Request permissions to move your funds
- Ask for your seed phrase. Ever.
If a site asks you to sign something that includes token approvals or asks you to pay a fee to verify, that is not us.
What’s Actually Happening
Attackers reclaim expired Discord invite links, including vanity URLs. They recreate fake servers that look convincing. You join, and there’s only an open “verify” channel. A fake bot or webhook then redirects you to a website with a domain that looks similar to ours. Once there, you’re asked to connect your wallet and sign a message approving permissions, or pay a “verification fee.”
People think:
“Weird… but I didn’t share my seed phrase, so I should be safe.”
Unfortunately, that’s not always the case 🫠
Real Examples
- Someone reported a fake Collab.Land bot and phishing verification website. Unfortunately their wallet was drained. We asked where they found the Discord invite url and they pointed us to the official project docs website. The project most likely lost their Lvl 3 Nitro Boosts, and with it their vanity Discord URL.
Discord states:
Unfortunately, if you no longer have the Server Boosts to maintain the Custom Invite Link then you will lose your Custom Invite Link after 30 days.
You guys lost your discord server's lvl 3 boosting along with your custom invite URL, which was taken over by a scammer and is still linked in your docs @sentimentxyz
— Chibi 🌸 (@cwispychibi) January 15, 2024
You should fix this before more members get scammed https://t.co/3u0SSOXjVp pic.twitter.com/jgXKRqizLl
(Project never responded)
- Similar to the above scenario (sorry 4 image spam 😭). Someone joined our Discord asking about a phishing URL. They had also found the invite link on the project’s real website, but the project had lost their vanity URL and didn’t notice.
- And yet another case where we attempted to notify a project about the same issue. Same scenario, no response.
Are you aware that the discord invite in your link3 takes people to a server with a fake CollabLand bot @TranchingPro?
— Chibi 🌸 (@cwispychibi) November 22, 2023
Are you trying to scam people or did you let a scammer take your vanity? 👀 pic.twitter.com/Y2ezOaomEF
So What Should You Look Out For?
Here are the biggest red flags I’ve seen and how I check for them myself:
1. The Wallet Verification Domain
Our domain is:.collab.land
Our websites will always end in .collab.land
Anything else is suspicious.
2. The Server Size
Big project, few Discord members? Red flag.
If something feels off, cross-check the invite link somewhere else.
Look at the project’s official website, their X account, or their linktree and compare the Discord invite there. If the links take you to two different servers, one of them is a scam one.
3. The Server Layout
Only one channel to verify? Or a few channels but they’re all locked? Sus.
4. The Bot
Click the bot’s name.
Can you view a real profile?
For comparison, this is what the real bot looks like:
5. Urgency
Repeated @everyone pings pushing you to verify ASAP? That’s FOMO manipulation, and scammers do it often. Honestly probably the biggest and easiest red flag to recognize lol.
Note: These patterns apply to any verification or captcha bots, not just Collab.Land.
PLEASE REMEMBER
We are used to connecting wallets and signing messages all the time. That familiarity makes malicious signing prompts blend in with legitimate ones.
Attackers rely on speed and habit. They expect users not to read transaction details carefully.
Our verification should never require:
• Paying to verify
• Approving token transfers
• Granting permissions to move your funds
• Providing your seed phrase
If it does:
Stop.
Close the site.
Check with us first.
We see reports like this on a monthly basis, and it’s frustrating because it’s preventable.
I would hate to see the next person joining our server wondering if we’re the scammers. And I would hate even more to see someone realizing too late that they signed something they shouldn’t have.
If something about a verification process feels even slightly off, please pause and double check. Better safe than sorry.
Kk ilu thanks for reading and stay safe out there 🫶🙏❤️
Collab.Land token gating and membership verification operates as a read-only application. By signing a message to add a new wallet, you affirm ownership of that particular wallet address. Collab.Land solely accesses public blockchains to verify that a member’s wallet addresses are linked to the required tokens for role or group membership. Collab.Land maintains no access beyond reading public wallet addresses, which are transparent to all users.
