Disclaimer:
This is not financial advice. Do your own research and seek a financial professional before making any investments. We are not responsible for any issues or loss.
discord hack guide: founders edition
— wil (@wilxlee) February 6, 2022
(MUST read)
🧵👇
this guide covers:
what to do WHEN you are being hacked
what to do AFTER you are being hacked
what to do to PREVENT you from being hacked
share this with a founder
bookmark this if you plan to build
retweet this to help ppl u love
lets dive 👇
1. What To Do WHEN You Are Being Hacked
this is when you start to tunnel vision.
ur biggest nightmare just actualized.
u must breathe. u must think. u must perform.
this is ur guide to follow in sequence.
Communicate:
– go on twitter and tell ur community that ur discord has been compromised to minimize damage.
– often times, hackers close all form of communication in discord so no warnings can be sound.
Take Control:
– majority of hacks now are through something called “webhooks”
– basically hacker installs a remote control in your home to steal control and post fake mint site in your channels
– ur job is to delete the remote control
– how?
– go to ur server –> server settings –> integrations –> webhooks –> select and delete all.
– by doing this u should be able to stop the hacker from posting msges.
– u are not out of the weeds just yet, u must find the hacker from creating new webhooks.
– how?
– go to ur server –> server settings –> audit log –> filter by action (top right) –> type in “create webhook”
– this will allow u to find out whose account is compromised and is creating these webhooks. this is where the hackers is living.
– ban this person for now.
take a breather.
the hacker is now out.
damage has been done.
ur real job begins now.
u have a whole community,
a whole team, a whole project
to lead out of this.
stay strong.
lets continue👇
Communicate:
– no one knows whats going on. everyone is scared and have no direction.
– it is crucial that you stay in communication.
– reinstate ur announcement and regular chat channel.
– tell your community that you are back in control and will stay in communication.
– do NOT ghost.
– do NOT over promise.
– do NOT avoid the problem.
Audit:
– this is when you should have a flood of msg from ppl from all ard to offer help.
– find someone that u trust to help u audit the server and make sure it is completely clean.
– once you are 100% in the clear then u can look at the next steps.
Action Plan:
– come up with an action plan on how you plan on handling with the situation
– reconcile damage, seek resolution, prevention protocol, full audit.
– this was our plan.
Communicate:
– in the days to come, there will be a lot of rebuilding, a lot of questions, a lot of stress.
– regardless of ur decisions, it is ur responsibility to communicate as transparently as possible.
– never ever ghost ur community, they deserve to be in the loop.
2. What To Do AFTER You Are Being Hacked.
– communicate, over communicate, constant communication.
– if you/ur team can, msg or call each one of your victims. you are devastated, they are equally if not more.
– empathy and compassion is ur best fren.
this is truly a time for you to show up and show the type of leader u are.
there is no hiding,
u have to lead with ur gut.
there is not right answer,
u can’t satisfy everyone.
there is no roadmap,
as this is unchartered territory.
(thats why i chose to write this)
u need to consider ur community
u need to consider ur victims
u need to consider urself
all of which have opposing perspective, which is why a resolution is soo difficult to reach.
this is ours as case study 👇
3. What To Do To PREVENT Being Hacked.
owner:
– make sure u are the server owner.
– u may not be the person who made the server, but u must tell the creator to transfer ownership to u, so u can take the right actions when things go south
(note the crown beside my name)
mod permission:
– only give permission to a few selected, trusted ppl. majority of mods won’t need full permission
– even then, teammates are still human and thus there is always a way in.
– whether that be social engineer or new tech, we must all stay vigilant
mod coverage:
– always have enough coverage for all timezone so if anything goes down, u get notified immediately and can take action.
– give ur direct line to a few trusted mods and make sure they can reach u.
– never have one single point of failure and put in redundancy
NO stealth drops:
– if you are considering this, forget abt it.
– aside from creating an unhealthy fomo environment that risk ppl losing their time and money, i don’t see why this is a tactic to use.
– so any stealth drops can be seen as a scam.
website:
– remind ppl to only mint from ur official website.
– often times, scammer direct ppl to fake sites that ends with other domains, like .art, .xyz, etc.
safety reminders:
– we have bots that remind the public of safety protocols listed above every 15mins.
– always bring in community on how u operation, so if anything looks out of the norm, ur community won’t fall prey.
final thoughts:
the best way to fight scams/hacks is to be aware and be educated. we as pioneers of this industry must do everything we can to keep this space as safe as possible to onboard the next wave.
u must trust gut. trust ur instincts.
— wil (@wilxlee) February 6, 2022
be empathic and have compassion.
pleaseee share this to ur favorite founder.
retweet this if u plan on building.
this is the guide i wish i had. 🌟
