Be Cautious with Your Discord Server - It Might Not Be as Safe as You Believe

　　Josh Fraser, co-founder of Origin Protocol, pointed out some of the popular platform's flaws.

　　Discord has quickly established itself as the de facto community communications platform of choice for blockchain- and crypto-based projects and enterprises of every conceivable type since its inception in 2015 as a tool for connecting and interacting with other gamers. Countless blockchain, NFT, crypto, DeFi, and Web3 projects use Discord as their primary community interaction and marketing platform, from exclusive, invite-only Discord servers for NFT collecting to airdrop and insider news groups.

　　Unfortunately, many server security concerns, hackers, compromised accounts, and other privacy issues have afflicted Discord. Many of these vulnerabilities were recently highlighted by Josh Fraser, a co-founder of Origin Protocol, in a Twitter thread he made to educate the general public about the possible dangers of utilizing Discord.

　　To begin, Fraser claims that unauthorized third parties can gain a lot of information about the inner workings of various projects on Discord because the Discord API leaks the name, description, members list, and activity data for every private channel on every server. Because many crypto projects use secret Discord channels for a variety of purposes, such as cooperating on unannounced partnerships, product launches, exchange listings, and more, it is wrong to assume that these channels are actually as private as their users believe.

　　To demonstrate his claim, Fraser describes how private servers for Binance employees, an OpenSea server for Solana launch partners, and a Compound Finance channel for Coinbase were all discovered to be public, despite Discord indicating that they were private via a lock symbol.

　　What are some of the risks associated with these issues？ To begin, Discord's security flaws include leaking private server information, private user data (which can be used for doxing), and activity data (which can indicate an upcoming listing or release), as well as crypto projects using their multisig wallet addresses as the description for their private channels, which can potentially flag otherwise unremarkable data to malicious eavesdroppers. These are in addition to Discord effectively undermining the public's (and its users') trust by failing to secure data on servers that should be private.

　　While Fraser brought these issues to the Discord team's attention, it does not appear that they will be resolved anytime soon. It is in the public's best interest to be aware of these potential security risks and to take whatever steps they think necessary to protect their privacy and data.

　　As a reminder, WikiBit is ready to help you search the qualifications and reputation of projects in a bid to protect you from hidden dangers in this risky industry!

　　iOS: t.ly/UUCj

　　Android: t.ly/cfYt