Fraser's research exposes a broader truth about cryptocurrency and the new Wild West of finance. While traditional financial communications take place over protocols like the highly secure (and expensive) Bloomberg Terminal or SWIFT, which catapulted into the public consciousness when Russia was banned from it, the most important messaging service in the world of crypto is Discord, which is a powerful chat app but was not designed from the ground up with security in mind. Discord chats are not encrypted, public chat histories can be available to anyone who joins a channel, impersonation scams are common, and the security issue Fraser found remains a problem. Attempts by Discord to design specific features for crypto projects have been met with wide backlash from its main user base of gamers, many of whom find crypto reprehensible.

“Those [Discord] bots are a huge liability when it comes to security.”

A screenshot of the Symphony messenger. (Image: Symphony)
Virtually every crypto project's Discord server is filled with fake accounts sending private messages with phishing links to everyone in the server. If you don't set your Discord account to only accept private messages from your contacts, there is no warning that pops up to tell you the message comes from someone you don’t know and it may be dangerous, a disclaimer that would make a huge difference and would be an easy solution, according to Tong. Motherboard has joined a handful of crypto servers over the years and is regularly subjected to dozens of private messages from sketchy servers or containing phishing links.

Do you have information about hacking groups targeting Discord servers? Or do you know of other web3 and crypto hacks? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email lorenzofb@vice.com

Discord’s design for gamers, a large community of typically pseudonymous people who aren’t necessarily close friends or colleagues, makes it popular in the world of crypto and DeFi, which also value pseudonymity and trustlessness. However, those same factors make it easy for scammers to blend in.

“[Discord] was never built to protect against such a dedicated attacker who is targeting such a vast swathe of accounts.”

The warning that Discord displays when users click on a link that’s been flagged as malicious. (Image: Discord)

