As the Discord hijack is now resolved, I want to clarify what happened and provide some context behind today's situation.
29 Jun 2023, 17:21
As the Discord hijack is now resolved, I want to clarify what happened and provide some context behind today's situation.
Unbeknownst to us, at 10 am EEST, one of our community manager's Discord accounts was visibly compromised, as indicated by the Discord server audit log. This Discord account had been secured through a password manager and 2FA on a different mobile device. It is still unknown how the attacker gained direct access to this account.
Between 10 am and 5:30 pm EEST, the attacker actively installed multiple backdoors including hidden accounts, roles, bots, permissions, and Discord webhooks into the Discord server without our knowledge. This activity went unnoticed during this time period.
When the attack began around 5:30 pm EEST, we reacted immediately. However, due to the unfortunate timing and the elaborate preparation involved in setting up multiple backdoors, it took a significant amount of time to fully neutralize the situation. During this time the attacker had taken advantage of the multiple backdoors to continue his hold on the server.
Unfortunately, Discord does not have an emergency function to lock down the server, apart from completely deleting it. This limitation meant that we were unable to prevent members of our community from being exposed to fraudulent announcements regarding fake airdrops for a considerable amount of time. We understand the concern and frustration this has caused.
Let us know if you have any further questions or concerns.