What to do when your NFT Discord server is hacked — for Founders
You have your NFT collection all setup and your getting closer to mint date and the scammers and attacks come in and you feel overwhelmed. Well, it happens all the time to most NFT collections out there and Discord isn’t the best option but it’s the only one we got.
What to do when your Discord gets hacked:
Let’s break it down time-wise:
WHEN you are being hacked
AFTER you are being hacked
PREVENT you from being hacked
1. WHEN you are being hacked
“I have survived. I will survive again.”
This is when you start to tunnel vision. Your biggest nightmare just actualized.
You must breathe. You must think. You must perform. If you are panicking, then what do you expect from your communtity?
This is your guide to follow in sequence.
Communicate
- Go on Twitter and tell your community that your discord has been compromised to minimize damage.
- Often times, hackers close all form of communication in Discord so no warnings can be sound.
Take control
-Majority of hacks now are through something called “webhooks” (See what they are). Basically, hacker installs a remote control in your home to steal control and post fake mint site in your channels
Your job is to delete the remote control, but how?
-Go to your server → server settings → integrations → webhooks → select and delete all.
-By doing this u should be able to stop the hacker from posting messages.
You are not out of the weeds just yet, you must find the hacker from creating new webhooks, but how?
- Go to your server → server settings → audit log → filter by action (top right) → type in “create webhook”
- This will allow u to find out whose account is compromised and is creating these webhooks. this is where the hackers is living.
- Ban this person for now.
Take a breather
The hacker is now out. Damage has been done. Your real job begins now because you got everyone depending on you. Stay strong.
Communicate
- No one knows what's going on. Everyone is scared and has no direction.
- It is crucial that you stay in communication.
- Reinstate your announcement and regular chat channel.
- Tell your community that you are back in control and will stay in communication.
- Do NOT ghost.
- Do NOT over promise.
- Do NOT avoid the problem.
Audit your server
- This is when you should have a flood of msg from ppl from all ard to offer help.
- Find someone that u trust to help u audit the server and make sure it is completely clean.
- Once you are 100% in the clear then u can look at the next steps.
Prepare an action plan
- Come up with an action plan on how you plan on handling with the situation
- Reconcile damage, seek resolution, prevention protocol, full audit.
- This was our plan.
Communicate again
- In the days to come, there will be a lot of rebuilding, a lot of questions, a lot of stress.
- Regardless of ur decisions, it is ur responsibility to communicate as transparently as possible.
- Never ever ghost ur community, they deserve to be in the loop.
2. AFTER you are being hacked.
- Communicate, over-communicate, constant communication.
- If you or your team can, message or call each one of your victims. you are devastated, they are equally if not more.
- Empathy and compassion are your best friend.
This is truly a time for you to show up and show the type of leader you are.
There is no hiding and you have to lead with your gut. I could tell you that there is an answer but there is no right answer because you can’t satisfy everyone.
Also, there is no roadmap as this is unchartered territories.
Consider your community
Consider your victims
Consider yourself
3. PREVENT being hacked.
What the server owner should do
- Make sure you are the server owner.
- You may not be the person who made the server, but u must tell the creator to transfer ownership to you, so you can take the right actions when things go south
What permission the moderators need
- Only give permission to a few selected, trusted people. The majority of mods won’t need full permission
- Even then, teammates are still human and thus there is always a way in.
- Whether that be social engineer or new tech, we must all stay vigilant
Why you need more than one moderator
- Always have enough coverage for all timezone so if anything goes down, u get notified immediately and can take action.
- Give ur direct line to a few trusted mods and make sure they can reach u.
- Never have one single point of failure and put in redundancy
Why to avoid stealth drops
- If you are considering this, forget abt it.
- Aside from creating an unhealthy fomo environment that risk ppl losing their time and money, i don’t see why this is a tactic to use.
- So any stealth drops can be seen as a scam.
Why to remind the community of official links
- Remind ppl to only mint from ur official website.
- Often times, scammer direct ppl to fake sites that ends with other domains, like .art, .xyz, etc.
What else you can do to keep safe
- Have bots that remind the public of safety protocols listed above every 15mins.
- Always bring in the community on how you operate, so if anything looks out of the norm, your community won’t fall prey.
Conclusion
The best way to fight scams/hacks is to be aware and be educated. We as pioneers of this industry must do everything we can to keep this space as safe as possible to onboard the next wave.
👇Comment what else can we do during a discord hack?
👋 Follow me on Medium — LinkedIn — Twitter — Instagram — TikTok
for more good stuff about Web3, Crypto, NFTs, DeFi, and more…
Get the ultimate NFT launch strategy here
References
