Origin Protocol co-founder Josh Fraser pointed out some of the popular platform’s vulnerabilities
Since its inception in 2015 as a tool for connecting and communicating with other gamers, Discord has very quickly established itself as the de facto community communication platform of choice for blockchain-based projects and businesses. and cryptography of every type imaginable. From exclusive and invite-only Discord servers for NFT collections to airdrop and insider news communities, countless blockchain, NFT, crypto, DeFi and Web3 projects use Discord as a platform for community engagement and essential marketing.
Unfortunately, numerous server security issues, hacks, compromised accounts, and other privacy issues on Discord have plagued the platform. Josh Fraser, co-founder of Origin Protocol, recently highlighted many of these issues in a Twitter feed which he posted to educate the general public about the potential dangers of using Discord.
For starters, Fraser says that unauthorized third parties can collect a lot of information about the inner workings of different projects on Discord, as the Discord API leaks name, description, member list, and activity data. for each private channel on each server. Since many crypto projects use private channels on Discord for many different purposes, such as collaboration on yet-to-be-announced partnerships, product launches, exchange listings, etc., it is incorrect for anyone to assuming that these channels really are as private as their users assume. .
To illustrate his point, Fraser explains how private servers for Binance staff, an OpenSea server for Solana launch partners, and a Compound Finance channel for Coinbase, all turned out to be non-private despite Discord reporting that they were via a lock icon.
What are some of the dangers of these problems? For starters, Discord’s security vulnerabilities range from leaking private server information, private user data (which can be used for doxing), and activity data (which can indicate listing or posting). coming soon), to crypto projects using their multisig wallet addresses as a description. for their private channels, which can potentially flag otherwise mundane data to malicious eavesdroppers. These are on top of the fact that Discord effectively compromises the trust of the public (and its users) by not securing data on servers that should be private.
Although these issues have been reported by Fraser to the Discord team, it doesn’t seem likely that they will be resolved any time soon. It is in the interest of the public to be aware of these potential security issues and to take whatever steps they deem appropriate to protect their privacy and data.