RARI Foundation Discord server compromise: Official report

As you might know, on August 8, 2024 the RARI Foundation server was compromised. The breach was first noticed when suspicious messages were being posted to #announcements channel. We immediately notified the community and took measures to secure the server, including:

• Revoking the compromised accounts' access and removing links 

• Working with the server owner on resetting and restoring access to server admins and mods

• Temporarily locking the server from invites and DMs for 24 hours 

Analysis conducted by the RARI Foundation team indicates that the breach may have occurred due to phishing, resulting in credential theft of a server admin (commonly known as token logging). Our server is now secure, and there are many learnings and improvements we have been working on since. 

Mitigation and Remediation Actions

The following actions were implemented on August 9, 2024 to mitigate the impact and prevent future incidents:

• Revamping role permissions and adjusting channel-specific permissions

• Audit of current onboarding, deprecating old onboarding steps, then enhancing with native Discord features and additional automod keywords in usernames  

• Upped auto-moderating via YAG Bot with additional flags on scam-related keywords, detailed member logging, and additional filters that go against community guidelines  

Protecting yourself 

Additional security measures you can take include reviewing your account security settings and resetting passwords with 2FA (enable two-factor authentication).

We also recommend that you review the Discord Safety Center. 

And of course, a reminder: never click on suspicious links!

Conclusion

RARI Foundation Discord Server compromise has been contained, and normal operations have resumed. However, continuous monitoring is in place to detect any further suspicious activities. Thank you for your patience and continued support during this time.