Leaked Discord bot token — server compromise
A Discord bot token is the only credential the bot presents to Discord; there is no second factor and no IP binding. Whoever holds it controls the bot exactly as its developer does: reading every message the bot can see and performing any moderation action the bot was granted in each server it has been invited to.
The next 60 seconds matter
The attacker does not need access to your infrastructure; the token alone lets them log in as the bot from their own machine. In the first minute they can DM users in the bot's name and, across every server the bot is in:
- Read messages in every channel the bot can see
- Mass-ban or mass-kick members
- Change server settings, roles, channels and webhooks if the bot was invited with Administrator or the corresponding Manage permissions
- Exfiltrate member lists across multiple servers
Rotation playbook
- discord.com/developers/applications → (your app) → Bot → Reset Token. The reset invalidates the previous token, so the copy the attacker holds is useless from this point.
- Update your hosted bot's environment (or secrets manager) with the new token and restart the process; the bot is offline from the reset until this is done, so have the deployment ready before you click.
- Review the Audit Log in every server the bot is in for bans, kicks, role, channel and webhook changes attributed to the bot during the exposure window, and reverse them. Rotating the token does not undo anything already done with it.
Prevent the next one
- Request only the permissions the bot actually needs in the OAuth2 invite URL (the `permissions=` integer); never Administrator for convenience. A leaked token can do no more than the invite granted.
- Deploy bots on isolated infrastructure and read the token from the environment or a secrets manager at start-up; never commit it to source control or bake it into an image.
- Rotate the token whenever a team member who had access leaves, and whenever it turns up in a log, ticket, chat or screenshot.
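Putting the minimal-permissions advice into practice, as an added example that is not the page's own code: the block builds an invite URL carrying exactly the permission bits a read-and-reply bot needs, and lints an existing invite URL for the bits that turn a leaked token into the mass-ban scenario above. The permission flag values are Discord's documented bit positions; the placeholder client_id, the MINIMAL set and the HIGH_RISK set are assumptions made for this example.

```python
from urllib.parse import parse_qs, urlencode, urlparse

# Discord permission bit flags (Discord's documented values) for the subset used here.
PERMISSIONS = {
    "KICK_MEMBERS": 1 << 1,
    "BAN_MEMBERS": 1 << 2,
    "ADMINISTRATOR": 1 << 3,
    "MANAGE_CHANNELS": 1 << 4,
    "MANAGE_GUILD": 1 << 5,
    "VIEW_CHANNEL": 1 << 10,
    "SEND_MESSAGES": 1 << 11,
    "EMBED_LINKS": 1 << 14,
    "READ_MESSAGE_HISTORY": 1 << 16,
    "MANAGE_ROLES": 1 << 28,
    "MANAGE_WEBHOOKS": 1 << 29,
}

# Assumed for this example: the bits that let a stolen token do the damage listed
# under "The next 60 seconds matter". Tune to your own risk appetite.
HIGH_RISK = {
    "ADMINISTRATOR", "BAN_MEMBERS", "KICK_MEMBERS", "MANAGE_CHANNELS",
    "MANAGE_GUILD", "MANAGE_ROLES", "MANAGE_WEBHOOKS",
}


def permissions_int(names):
    """Combine named permissions into the integer the invite URL carries."""
    return sum(PERMISSIONS[name] for name in names)


def invite_url(client_id, names):
    """Build a bot invite URL that requests exactly the named permissions."""
    query = {"client_id": client_id, "scope": "bot", "permissions": permissions_int(names)}
    return "https://discord.com/oauth2/authorize?" + urlencode(query)


def risky_permissions(url):
    """Return the high-risk permission names an existing invite URL requests.

    ADMINISTRATOR implies every other permission, so a URL with permissions=8
    is the worst case even though only one name comes back.
    """
    query = parse_qs(urlparse(url).query)
    bits = int(query.get("permissions", ["0"])[0])
    return sorted(name for name in HIGH_RISK if bits & PERMISSIONS[name])


# Constructed example: a bot that reads a channel and replies needs three bits,
# not Administrator. The client ID is a placeholder, not a real application.
MINIMAL = ["VIEW_CHANNEL", "SEND_MESSAGES", "READ_MESSAGE_HISTORY"]
CLIENT_ID = "000000000000000000"

if __name__ == "__main__":
    url = invite_url(CLIENT_ID, MINIMAL)
    print(url)                                  # ...&permissions=68608
    print("risky bits:", risky_permissions(url))  # []
    admin_url = invite_url(CLIENT_ID, ["ADMINISTRATOR"])
    print("risky bits:", risky_permissions(admin_url))  # ['ADMINISTRATOR']
```

Run `risky_permissions` over the invite URLs already in your README or onboarding docs: an existing bot invited with `permissions=8` has Administrator in every server, and the only remedy is to re-invite it with a narrower integer and have server owners trim the bot's role.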
Pattern we scan for
Three period-separated segments: 24 base64 characters, a period, 6 characters, a period, 27 characters. The first segment is the base64 encoding of the bot's decimal user ID, which is why its length is fixed (an 18-digit ID encodes to exactly 24 characters with no padding) and why real tokens start with M, N or O. That segment identifies which bot leaked but is not itself secret; the second and third segments are.
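A scanner for this pattern, added here as an example and not code from the page or from any scanning product. It matches the three-segment shape, then base64-decodes the first segment and keeps the hit only if it yields a numeric bot ID, which removes look-alike strings that merely have the right lengths, and it reports the public bot ID with the secret segments masked. Assumptions: the page gives only the lengths of the second and third segments, so the base64url alphabet `[A-Za-z0-9_-]` is assumed for all three; the bot ID, token and log lines below are constructed for the example.

```python
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

# Shape from the page: 24 base64 chars . 6 chars . 27 chars.
# Assumption: every segment uses the base64url alphabet; the page states only lengths.
DISCORD_BOT_TOKEN_RE = re.compile(
    r"(?<![A-Za-z0-9_-])"                                      # not the tail of a longer identifier
    r"([A-Za-z0-9_-]{24})\.([A-Za-z0-9_-]{6})\.([A-Za-z0-9_-]{27})"
    r"(?![A-Za-z0-9_-])"                                       # and not the head of one
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    bot_id: str      # public numeric ID decoded from the first segment
    redacted: str    # safe to put in an alert: the secret segments are masked


def decode_bot_id(first_segment: str) -> Optional[str]:
    """Return the numeric bot ID carried by a token's first segment, or None.

    The first segment is base64 of the bot's decimal user ID; an 18-digit ID
    encodes to exactly 24 unpadded characters, which is where the 24 comes from.
    A string of the right shape that does not decode to digits is not a token.
    """
    try:
        raw = base64.b64decode(first_segment, altchars=b"-_", validate=True)
    except ValueError:                  # binascii.Error is a ValueError subclass
        return None
    text = raw.decode("ascii", errors="replace")
    if not (text.isascii() and text.isdigit()):
        return None
    return text


def redact(match: "re.Match[str]") -> str:
    # Only the public ID segment is kept; the two secret segments are masked.
    return f"{match.group(1)}.{'*' * 6}.{'*' * 27}"


def scan_lines(lines: List[str]) -> List[Finding]:
    """Find Discord bot tokens in text, using the ID decode as a false-positive filter."""
    findings: List[Finding] = []
    for line_no, line in enumerate(lines, start=1):
        for m in DISCORD_BOT_TOKEN_RE.finditer(line):
            bot_id = decode_bot_id(m.group(1))
            if bot_id is None:
                continue                # right lengths, but not a bot ID: skip
            findings.append(Finding(line_no, bot_id, redact(m)))
    return findings


# Constructed sample data: not a real bot, not a real token.
SAMPLE_BOT_ID = "123456789012345678"
SAMPLE_TOKEN = (
    base64.b64encode(SAMPLE_BOT_ID.encode()).decode()          # MTIzNDU2Nzg5MDEyMzQ1Njc4
    + ".Xk7Qm2.aBcDeFgHiJkLmNoPqRsTuVwXyZ0"                      # 6 + 27 invented chars
)
SAMPLE_LINES = [
    "DISCORD_TOKEN=" + SAMPLE_TOKEN,                            # committed .env file
    'client.login("' + SAMPLE_TOKEN + '");',                     # hard-coded in source
    "k=" + "a" * 24 + "." + "b" * 6 + "." + "c" * 27,            # right shape, no ID inside
    "nothing to see here",
]

if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f"line {f.line_no}: bot {f.bot_id} token {f.redacted}")
```

The decode check is what makes the pattern usable at scale: three fixed-length runs of URL-safe characters occur in ordinary build logs, but a 24-character run that base64-decodes to 18 ASCII digits almost never does. Keep the decoded ID in the alert; it tells you which application to reset before you have even located the owner.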