This is an incident report about the loss of access and deletion of the Ethereum Cat Herders Discord server.
- Incident: ECH Discord unauthorized access and deletion
- Date: Friday, December 03, 2021
- Time: Late evening EST (exact time unknown)
- First notification: 9:45 pm EST (by Etherscan Team)
- Twitter announcement: 11:30 pm EST
- New Server setup & announcement: December 04, 2021 at 9:12 pm EST
- Discord team response: December 06, 2021
The Ethereum Cat Herders Discord is a community built for those interested in learning more about Ethereum and/or contributing to the ecosystem. On Friday, December 03, 2021, a random user shared a phishing link on multiple channels of the ECH Discord. Pooja Ranjan, the owner of the Ethereum Cat Herders server, received notification from the Wick bot and also from Micah Zoltu, an EIP editor and active member of the server, who alerted her and urged her to remove the message in order to protect members of the server.
Pooja tried to remove the user from the server and remove the link from different channels from her phone. The attempt accidentally clicked on one of the messages, though the tab was closed immediately. Pooja responded on the server thanking Micah for the alert and reporting that the link was removed.
After a few hours did Pooja received a Telegram notification from one of the Etherscan team members that their team was reporting that the Ethereum Cat Herder Discord was no longer accessible. Before Pooja was able to respond to the situation, she had lost control over her own Discord account along with the three servers that she manages for different communities of the Ethereum ecosystem. This was when the full extent of the attack was realized. After some quick due diligence , Pooja wrote an email to Discord support explaining the issue and asking for resolution/assistance, and started informing the ECH team. Through some conversation with memebers, some consensus was reached which found it important to inform the community to be safe and be on alert for possible scams / fake Discords.
Pooja received a ticket number from the Discord team but likely due to it being the weekend, no immediate actions were observed. Pooja spent a few hours doing researching if there was any available mitigation or action that could be taken. The invite link, gave the impression that there was still a possibility of getting the server back, since it was still listed as active. (Image below)
The Arrow Glacier upgrade was in less than 5 days, and being uncertain of if and when Discord support can help us recover the lost group, the next day Pooja started the effort of reconnecting lost group members to a newly created ECH discord server. Pooja would like to thank Etherscan, Micah Zoltu, Tim Beiko, Darkiscool, Alen, Mryalamanchi, Muddlebee, William Schwab and many ECH contributors who helped get the new Ethereum Cat Herders Discord server running, and getting users connected with it.
The Discord team responded Monday, December 6, "Unfortunately, Discord staff does not interfere with individual server management and if the server was deleted, there is no way to restore it."
This incident gave us the opportunity to restructure the Discord channel. We have added bots to aid with additional security measures. The Wick bot has had its settings changed to make it more strict, and will kick users failing complianceout of the server. Pooja has also enabled 2FA.
We look forward to your suggestions and contribution to make this server a safer community for our users.
As Cat Herders, we want to provide maximum support to the Ethereum community especially at the time of any network upgrade. Glad to be back!