One of the most exciting and terrifying aspects of being in crypto is the ability to be your own bank. We have complete control of our funds and tokens—we can do whatever we want with them, and we’re also completely on the hook if we’re hacked.
Tons of crypto communities use Discord for conversation and management, so it’s no surprise the service has emerged as a primary means through which people get taken advantage of and hacked.
We collaborated with veteran community manager Steve Brown to bring you some tips for staying safe in crypto Discords.
He recently wrote a great Twitter thread about staying safe on crypto Discords that was the inspiration for this post.
Steve is the Community Manager for Nervous, a startup that helps artists of all kinds produce compelling and successful NFT projects. Steve is also a World YoYo Champion and one-time stunt double for Owen Wilson.
1. Trust no one
The Discord hack documented in the Twitter thread below is what’s called a confidence trick. A group of people will work to gain your trust, and then defraud you.
In this case, a group of people worked together to make the victim think he was about to get kicked out of a Discord he wanted to keep access to. As part of the recovery process, they asked him to share his screen and inspect element on Discord.
Just the tiniest peek at the screen was all the attackers needed to take control of the entire Discord server.
The easiest way to avoid confidence tricks? Trust no stranger.
2. Moderator and admin accounts can and will get compromised
Hello Adam Bomb Squad,
An hour ago, our Discord server was hacked. The hackers were able to take hold of our server through a compromised Mod account. The scammer has been removed from our server and we have regained access.
— Adam Bomb Squad (@AdamBombSquad) November 7, 2021
Because confidence tricks rely on trust, the latest “trend” in crypto Discords is to hack the accounts of people who are trusted within their respective communities.
You don’t actually know who is on the other side of that DM. Or if their account has been compromised. Everyone is being targeted right now because these scams are so lucrative so BE ALERT. pic.twitter.com/HHbpwrfjzW
— nervous (@nervous_net) November 8, 2021
Be aware that even trusted accounts can get compromised.
3. If you’re a Discord moderator, enable two-factor authentication
Hacks happen, but as an administrator you can reduce their likelihood by enabling two-factor authentication on your Discord server.
If you have a Discord server of your own, there is a setting that requires that all admins use 2FA. TURN THAT ON. Go to Server Settings > Security and smash this button: pic.twitter.com/r2xJoJPkaA
— nervous (@nervous_net) November 8, 2021
When you enable this setting, none of your moderators will be able to perform any action unless they have two-factor authentication enabled.
4. Never click on anything from a direct message
Generally speaking, no one who has your best interests in mind will ask you to take actions that compromise your safety.
A trusted person will not message you out of nowhere and ask you to click a link, send them cryptocurrency, scan a QR code, or share your seed phrase or private keys.
5. Don’t click links or direct messages that claim they are from support
Pretending to be a support representative is a common way for scammers to gain your trust and convince you to click on a link.
Even when a company does offer support on Discord, legitimate support representatives will not initiate a DM request with you. Most big companies, such as OpenSea, do not offer support via Discord at all.
6. Don’t click on any links asking you for feedback
🦹Just a reminder that the 'download my game' Discord hack is still going around
🖥️Recently one of the #VTuber on our Discord got hacked and their account started to send these out too
✉️Be cautious of any DMs from anyone asking you to download a game for feedback/ratings/etc pic.twitter.com/PVBPYKfPRn
— VTuberTweeter | Now w/ Patreon 🙏 (@VTuberTweeter) November 8, 2021
In this scam, a person will message you and ask you to leave a rating or feedback for their game.
It’s easy to get confused by these scams, because there are real people operating them, and they will seem “normal” if you try to talk back to them.
7. Don’t believe offers that seem too good to be true
If a Discord you are in for a long sold out project posts at 4 am that they have opened minting without any kind of promotion or lead up, you can pretty safely assume that is bullshit & they have been compromised. Leave that server, you can always come back later when it’s safe.
— nervous (@nervous_net) November 8, 2021
Take a breath and think about the offer you see before taking any action. If it seems too good to be true, it probably is. The founder of Larva Labs did not message you at 2:00 AM offering up a Cryptopunk if you click this one link.
Don’t let greed or the fear of missing out propel you straight into the arms of a scammer.
8. When you join a server, turn off all links to DMs
Perhaps the easiest way to decrease the likelihood of getting scammed is to cut off the primary source—direct messages.
If you’d like to be extra careful, you can turn off the ability for all servers to message you by default by toggling the option in your Discord settings as shown above.
9. If it feels weird, it probably is
If it feels weird, it probably is. Screenshot the conversation, block the other party, and try contacting the organization or person you think you’re talking to through other official channels.
Seen a new hack you think we should add? Have feedback on this article? Let us know in our Discord, where we will never send you a DM or ask you for your seed phrase.
Discord dog illustration by William Tempest care of Ethereum.org.