Arina BBArt, 1/1 Artist, collaborated with L’Oréal, RED, TIME, NFT NYC
Arina [00:00:00] So, my story is about Discord and how I lost it. What I've noticed is that most of these hacks happen when you're incredibly tired or have an upcoming event.
“The hackers know who and when to target.
“
I've been in the space for two and a half years now, and I'm usually very paranoid about security. Reading painful stories on my timeline taught me how to use wallets and be cautious with links. I even went to the extent of buying a new phone to avoid using my main phone, just to be extra secure. However, even with all my caution, one night when I was very tired, I made a mistake. A person impersonating a podcast DM'd me for about a week, asking to interview me. They sent me a list of questions, making the conversation seem natural. Among other questions, they baited me by asking if the scans were in an empty space. I agreed to do the interview, and they said it would be hosted on Discord. Being familiar with Discord from attending other spaces, I didn't think much of it. However, I should have been more alert because I am not very comfortable with Discord.
“That was a lesson I learned the hard way. If you're not fully comfortable and aware of the security measures, it's best not to proceed.
“
Despite running my own Discord for two years, I wasn't fully comfortable with it. But due to the pressure in the Twitter space, I felt I had to have it. That night, when they directed me to a Discord channel, I was aware not to click on any links. However, I was not fully aware of Discord security. Normally, when joining other Discord channels, I would use my other accounts, not my main one. But that night, I was tired, and my backup phone, which had the password to my burner Discord account, was uncharged and downstairs. I didn't want to go get it because I was lazy and tired. That's when you should stop working and not do anything. But I clicked on a bot that required account verification.
“I thought the bot was real, but later realized it was a common scam. The moment I clicked on "verify," it took me to a fake website.
“
Because I wasn't familiar with Discord, I thought it was normal to log in again, so I entered my information. Since I was logged into my main account, they gained access to my information. Immediately, I realized something was wrong and changed all my passwords. Thankfully, my email alarm went off, notifying me of someone trying to access my Twitter account.
“I changed all my passwords and the next day, I discovered they had transferred ownership of my Discord channel. They didn't kick me out as an admin to avoid raising suspicion.
“
Instead, they slowly started posting malicious links to the channel, taking advantage of my 800 followers. I manually banned every person from the channel with the help of a friend and deleted all the channels. I could have reached out to Discord support to regain ownership, but it would have taken longer. I didn't want to put my followers at risk due to my mistake, so I deleted the Discord server. It took a toll on me mentally because it felt like all my hard work was gone in an instant. From this experience, I learned never to work or communicate with strangers when I'm tired. I also learned to use burner accounts as much as possible. Scammers are always coming up with new ideas and targeting those who are exhausted or have upcoming events. So, always be cautious and careful.
Seni [00:08:30] I'm sorry for what happened to you. As an artist, it's important to guide your audience and create a safe space on your Discord. Realizing that scammers could harm your collectors and audience must have been incredibly stressful. Another problem is that all our links are connected, so when one link is compromised, it puts all the other links at risk. It's impossible to fully understand all the weak points in these link connections, but it's clear that all links are vulnerable. Have you changed your Twitter password? Let's learn from real-life cases and be cautious. Avoid clicking on links, verify who you're talking to, and never reconnect your wallet if asked by a Discord channel or similar. Did you ban everyone from the Discord? Is your Discord inactive now?
Arina [00:11:00] Yeah, I still have my account. I can still do whatever. But the channel itself that I created is gone. I deleted every single channel and banned everybody. The only person left in there is a scammer. However, I took immediate action afterwards on Twitter. I changed the passwords, set up two-factor verification, and also changed the connected email.
“I think it's a good practice to set up separate emails for different accounts like Twitter or Instagram, and never use them for anything else. These should be exclusively for your social media accounts.
“
Additionally, I checked all my Google accounts to see which devices were connected and made sure to change every password, even if there was no indication of unauthorized access. I was extra paranoid because losing Twitter that day was my biggest fear. It would be incredibly difficult to rebuild everything. So, be cautious with your accounts.
Quickotter [00:12:53] Arina When your discord got hacked and they were posting links and things in your discord, did anyone get scammed?
Arina [00:13:02] No, no. I was very lucky because I acted immediately. Yeah. Yeah. No, no, no. They also weren't like. That's the other weird thing that wasn't. There wasn't any minute links. This person posted one thing, and it looked like they were just trying to get other accounts, so they were trying to accumulate as many accounts as possible. But as soon as it happened, I went to my group chat again. Another important thing is to not put all your eggs in one basket. If you're an artist or building something, make sure you have other platforms. For instance, I had my mailing list that I started building a couple of months ago because Twitter's algorithm was pretty slow and I wanted another way to connect with my holders outside of it. I've always felt uncomfortable relying solely on one platform. So I started the mailing list. I also created a Twitter group chat for my holders because it's easier for me to communicate there. Therefore, when the incident happened with Discord, I immediately went to my group chat and mailing list and alerted everybody. I said, "Hey, this is happening. If you know how to prevent it or if you want to help, please let me know." So I wasn't alone in dealing with it, and my friends and holders were helping me remove people from there. I was very, very lucky.
Seni [00:14:27] Yes. Thank God that nothing like people losing their accounts or something like that happened. I can't even imagine how distressing that moment was for you. You did a great job changing all the passwords and double-checking the social media that was connected. This is a nightmare, and yet you handled it well. Yeah.
Arina [00:14:54] It also happened on February 14th. And I know you were having dinner with my boyfriend because I.
Seni [00:15:02] I knew it, I was like, No.
Arina [00:15:04] He was like, Did you solve it yet? I was like, Oh my God.
Seni [00:15:10] I know.
“Quickotter [00:15:11] As you have been hacked, it was also the worst Valentine's ever. That's just mean.
“
Seni [00:15:20] Yeah, oh my God. These scammers, they know the moment when you can be easily distracted. It's crazy. But you know what? The initial contact, the starting point, as you mentioned, is usually when people ask you for an interview, which is a common procedure for successful artists with their own audience. It's part of the normal routine. So, where did this initial contact take place? Was it through Twitter? Did they text you on Twitter and then you responded?
“Arina [00:15:59] I saw someone on Twitter who had a verified account with a square and a yellow badge mark. They had a decent number of followers, including some mutuals of mine.
“
When I noticed this, I messaged my mutuals to warn them about the scammers. If you come across a scammer account and see that some of your followers are following them, don't just DM your friends. Let them know that it's a scammer account and to be careful.
Seni [00:16:38] Yes. Yes. And this verified by age is something that doesn't make sense at all. But for some reason, when you look at the gun that has this badge, like even if it's golden badge. Okay. Wow. Cool. But when you said like you are, I don't know, maybe my brain works this way, but you are just like, yeah, that's cool. So but you know that it's just eight bags per month, right? It's nothing more. It's not verified something. It has no any additional value in it. It's just exactly $8 per month.
Arina [00:17:21] Yeah, the yellow badges represent real companies, like the ones they would have.
Seni [00:17:31] Yeah, that's right. They had this yellow thing, right?
Arina [00:17:40] If you have yellow badges on, it means they have very obvious camera icons. Oh, another thing, after I posted my thread, a friend reached out to me and told me that this happened to him too. He is more experienced with Discord and he realized it was a scam, so he reported this account weeks ago.
“This could have been avoided if someone had looked into it, because multiple people reported that account and nothing was done.
“