Fun Fact: They don't actually get banned, they use an alt and give ownership to the server, because when discord removes a server, it permanently bans the one who owns it from discord.

i love that there’s minecraft music in the background

Props to you for bringing awareness to this scam, I almost fell victim to this!

They already "scan" images for being inappropriate, so I wonder how hard it would be to add a QR reader to that and if it's a 2FA link then uh oh, block that shit.

If this has happened to you. Reset your password ASAP! They get your discord token and they can login to your account. When you reset your password the token will reset as well and the hackers can’t login anymore. Discord has said this them selves. I hope this helps y’all.

Even if discord stops this scam people will eventually come up with new scam ideas Which is why I agree that there should be a penalty for malicious behavior

I fell victim to this scam, but I got my account back before they changed the email to it or anything so I would lose it completely. Thank God my nitro was paid for by a empty prepaid visa card. Only thing bad that happened that I was sad about is that people I friended but didn't have a mutual server with could have fell victim to the scam and I would have never known.

I love how the QR code on the thumbnail brings you to this video. You missed a perfect chance for a rickroll

Discord needs to retire the QR code feature. I think it's causing more damage than it is helpful.

Online scamming should be against the law and it should result in active punishment irl. Scammers are just too confident that they won't get any consequences from their actions.

Honestly the best solution Discord could do, even though I really don't want the images to be scanned (although its probably already happening...), is for Discord's Image API to find QR codes within images and cross verify them with their authentication system to prevent it. The QR code login feature is fantastic but since its been introduced its been used for so many scams. Although it may take a year(s) for them to actually implement it but thanks for bringing attention to it!

I had one of my fav youtubers on my DM's months ago cuz like I wanna say "I'm your biggest fan!" like that, and however weeks later she messaged me the same message "Idk if it's you or..". I'm glad people are spreading awareness of this new scam method :)

This morning a friend sent an invite to a server with the message: check what happened in #general, i cant believe it!. So i joined the server because i was curious but i saw i needed to verify. Luckily i was on discord mobile so i couldnt scan the QR code with my phone because i already was on my phone and i was too lazy to open discord on my laptop. First time that being lazy actually helped for me

the fact the qr code in the thumbnail isn't a rickroll is a missed opportunity

his voice is so chill

"Good" hackers usually publish stuff like this to put some pressure on companies to actually fix the issue, this QR code scam has been known for years and yet here we are.

Imagine if this dude is behind the scam the entire time and he’s making these videos to cover it up lmao. This prolly isn’t right but imagine

i love how this guy explains us how to limitless scamm people and also showing us how to avoid getting scammed

"If you use this, you are a peace of garbage" a little later, he literally shows the whole process

Just got one today, scared me, saw a qr code, instantly knew something was off. Thank fuck I didn't scan it. Instantly searched up discord qr code scam and you came up! Thank you :)

0:45 "This QR code doesn't work so no need to blur" SMILLY FACE :) I was hopping to scan it and get Rick Roll. 😒

You definitely earned a sub, you teached and showed me things of the most important which no other youtuber would ever do

I'm so glad nothing happened to me when I fell for this, guess I was just really fast in changing my password and removing my billing info

I recently got a weird message from a friend inviting me to a server, upon doing so, I was asked to verify with a QR code, got a weird feeling, googled it, and found this video, I checked the logs of that said friend on mutual servers and saw that multiple people fell for it and got their account stolen, sad to see, glad you made this video, saved me from losing a loaded account

A update on the repo: The owner took it down, since they didn't want to cause any harm with it. Their words taken from the announcement channel: I recently learned that my project 'Fake-Verification-Bot' was used by many people in a malicious way to scam other people and I'm sorry for that. It is important to know that my work was never created to be used in this way but mainly to show people what it was possible to do just by using the API made available by discord. Since a KZbinr (with about 80k subscribers) recently made a video about this to warn people, I'm afraid that on the contrary, it will make this project much more known and therefore more used in a malicious way which would be a disaster. So I'm thinking about deleting this directory to avoid more damage or make it private.

Couldn't discord just have a bot scan every image to see if it contains a login QR code? They already scan for pornographic content which im guessing is a lot more resource intensive than just checking a QR code.

3:53 As a bot programmer, I am not completely sold on the fact that the creator made this with malicious purposes. I enjoy making 'fake viruses' or 'fake virus bots' with any intention of harm, just to experiment with what I can do. I think the creator of the program might've thought the same, and really didn't mean to do any harm, or use the program himself. Edit: he actually confirmed this and deleted the repo, mentioned this video in his apology

Discord should fix this problem

Had no idea about this, stumbled upon this and accidentally avoided the scam. Joined the server thought it was legit (obviously I know now it wasn't). Good thing is, I don't have a secondary device to scan a QR on, and my phone is so broken when it comes to scanning QR codes it wouldn't have even worked. Nice to know that me not having advanced technology for anything helped me for once. Great video as well, very informative

Seems like the heart of the issue is the lack of innovation and having such a basic sad sack of a method for keeping track of people's accounts such as a token system

Discord should have a sort of test to help you better understand. I remember an update came to adopt me while I was monitoring my little sister on it, and it was a whole thing you had to go through to understand what kinds of scams there are and prove you know how to avoid them. Nothing annoying or too long, just something you have to go through in order to make an account. Personally, I'm very good at not falling for scams, but some people are not. A server owner everybody trusted was warning people about a scam, and pinged *everyone* with the link to the scam. Some people didn't see the part telling them not to click it, and multiple people lost their accounts, it took us a while to get some back but we didn't recover them all.

I have been scammed with a the discord fake games thing a long time ago not the qr codes but the name of the repo dev sounded familiar and the fact that they were in france made it even more familiar. Turns out when I got scammed I (tried to) decompiled the python exe file and through searching found a github repo. I continued talking with the guy who had sent me the Token grabber and got my way to find their phone number, rough location and their discord. I added them in friends and wasted their time by for maybe an hour or two. I got them banned from discord but heh they just made new accounts but im happy I pissed them off. And in their bio's they had a fake nitro website that I reported and it went down pretty quickly. Anyway great video and I definitely didn't expect to hear about the same idiots again

I got that message few days ago, and I joined their server. I clicked the verify button and it gave me the QR code which was to scan it to get access to the server, and within 5 minutes i notice something off, some people's nickname was changed to "this server is scam you must leave", and I felt a bit nervous. I left the server and reported it to the discord!

a good way to tell if its a scam if you have better discord installed you can get show hidden channels to see if there are any that are locked chances are they dont exist

Two things: 2FA doesn't prevent token logging whatsoever (some people think this) You can't just scan a QR code and get immediately token logged. A token logger runs on your computer, and if it was possible to scan a QR and a program run on your computer without any intervention from you, I'm very sure that the hackers could do way more. What normally happens is either the QR code is a login from phone, and even then, Discord has a warning to not scan QR codes you don't trust, or it redirects to a fake Discord login screen, and that is easy to catch out with the URL being different. Too many people think that if you click a link/scan a QR you get instantly hacked, which is completely untrue. Edit: Token logging works, regardless of if you have 2FA on your account.

I just was going to scan qr code but I remembered that servers don't usually ask for human verification with qr code soo I search about this and got ur video Thx❤️

No Text To Speech: “Why would anyone share a scam bot program if they’re not scamming people?” Also No Text To Speech: “Today I’m going to show you how to speed run making a scam server.”

I almost fell for this. I joined the server, but I realized how fishy it was when it started asking me to send a QR Code. I didn't scan it.

The best way to slow them down is to rate limit their bot which I think it's possible by spam clicking the button with multiple peoples and that will make their server rate limits their access to Discord's API unless they have good proxies they would get rate limit for too many requests and it restrictes the IP for at least some hours at hard limit -commited from Taiwan

after browsing through so many channels. Yours is by far the best. The explaining thod is so great and detailed even complex stuff is

3:20 This was made exactly for what it is being used to, this disclaimer is here just so github doesn't ban the repo

I just hope in another universe cheaters and scammer get punished so hard that they will never even think of doing anything bad online, EVER :)

Definitely, scammers need to face serious legal consequences. This has become pretty ridiculous and almost only has upsides for the scammer since he/she will quite easily find some victims and further spread the scam. Besides an account ban, hardware and IP blacklisting, Discord needs to file police reports against scammers in their home countries according to their IPs etc.

You're a good person @No Text To Speech for making people aware on this situation , its still happening months later as it almost just happened to me !

Nobody would even think of making a scam bot or a hack, then release it to the public and not use it to scam or hack

This QR code login thing is ridiculous from a cybersecurity standpoint. There's a reason why you don't see other big websites do it ; it's extremely easy to social engineer people into scanning a QR code as they're often seen as just pieces of data that can be read without consequences (and that's fundamentally what they are, except when companies use them for confusing purposes). This login feature is extremely dangerous, you don't reinvent the wheel like that when you're just a VC-funded company that invests more into looks and ease-of-use than actual security.

No Text To Speech + C418 damn, Anyway Thanks for the information

yooo he used my thumbnail idea, let's go bois

I can't believe I actually fell for one of these 💀

Glad I found this! My friend recently got hacked by one of these and I sent this to her because of the concerning information about this scam-

This one almost got me, Though I reported the server and within an hour they banned the server which was great! I warned my friends about the scam and they didn't know about the server so hey, at least they won't fall for it!

Fell victim to this scam a second ago! Just secured my account and fixed all the crap with it... Even after 5 months of this video being posted Discord hasn't done A SINGLE THING to stop the scammers in their tracks.

Idea 1: fully remove qr codes Idea 2: have discord automatically block images with discord qr codes (because literally no one uses this to send to friends anyway)

I just subscribed because all you are saying is true. I love that you are talking about this. You are the only KZbinr who does that. Thanks.

Wouldn’t say at all that the dev is using it, I’ve developed malicious stuff only meant to be tested on yourself such as a token grabber, the problem lies when you decide to deploy it, it being open source has nothing to do with the people who fork the projects intentions.

If you trust discord with your financial information you already deserve a darwin award. Despite knowing how flawed and insecure the login method is, discord still keeps it.

Lol like how he was like speedrunning it as a joke but also just showed everyone how to do it

the scam: scan this QR code! me, who doesn't have a device that is capable of scanning them: I am four parallel universes ahead of you

That github repository is the reason dangerous code should be protected from the public. There will always be a nefarious figure that will turn a good intentioned vulnerability point out into a fully fledged attack.

The same github page was taken down... but you can still access it with wayback machine . _. what a great way to inform others this exists

In conclusion : don't trust any weird shit about people 'exposing you'.

If I'm being honest, the whole "you sent a girl nudes so join this server or I'm blocking you" is so over the top and laughably hard to believe. Especially if its sent so many times with literally no change. You know, if I were them, I'd make it a hell of a lot more subtle, like "hey join this server rn" You'd expect dms like that. But hey, I'm not them and I don't plan on ever being them.

I’ve fallen for this before and it made me look extremely dumb. In addition, I bought nitro as a gift a long time ago and discord autosaved the info to the billing section which is just stupid. Safety measures have been taken and I’m completely safe now, but god that was unnecessary and discord really needs to scan for malicious qr codes, remove tokens being able to bypass 2fa or if it’s possible, remove tokens as a whole, or remove QR codes as a whole. I wish I could’ve seen this video earlier.

Someone from a dev team had “screenshots” of me scamming someone… so I was like the photo had to be edited because I don’t use that discord account at all. Then I was like bruh when I found this video 🤣 thank you for saving me from a scam!

Mass reporting or mass media of this scam can help. Now media platforms are getting in trouble just for people posting the same shit over and over.

I was literally just about to click "Yes, log me in" but I decided to stop and think, then came across this video.

insanely scummy. probably think they're so smart for scamming people when they just ripped it from github.

Thank you! I'm crying right now. A friend I don't know enough sent me this msg and I was so scared that something happened.

This has been going around again, one of my friends was hacked. There was no long winded message about leaked pictures, it was just "Yo join this discord real quick". I have scan all messages enabled on my account, so the scary part is it doesn't look like it's being picked up by discord.

One thing i've recently noticed is that these servers are then moving away from verification and impersonating "official" servers for stuff like games to try to scam people. I mod a server and someone reported a scammer and when we asked them for a link to the "server" they moderate, they actually linked to a somewhat reasonable impersonation of the server that was likely rebranded after using this method (had like 20k members, level 3, vanity url, but was still obviously fake as all the channels were empty and you couldnt verify).

I think the same. ⚠️ *1:* Discord should add some big warning while scanning or some big warning once you log in (only once) that tells you to watch out for scams and tells you some security tips 🔒 *2:* Most important way how to stop scammers is just to do something that will be scammers afraid of. Like that sue. Scammers will be afraid of jail. So they wouldn't do it because you cannot just create new life when you go into jail. So some huge action should be in place. 📜 *3:* People, share like me this video with discord staff under the "Suggestion" category in a ticket so Discord will take some ideas, etc. from this video. It will help and NTTS deserves it. 📌 *4:* Pin this comment, please.

Me who doesn’t take pictures of myself in general: I don’t have such weaknesses

Honestly, it was a pretty dumb idea in the first place to allow QR code login. First time I saw it as a login option I thought to myself: "Yeah, that's gonna end well."

Discord needs to remove log in with QR code at this point. It isn't worth the convenience for logging in now

Here is some information me and a group of people have found: It's hosted mainly in Bangladesh and Romania. It grabs your discord token, but your discord token gets reset when you change your password, discord has said it themselves. A lot of misinformation is being spread about this to make people scared. There is about a five-minute delay the bot takes between you scanning the code and you getting hacked. It doesn't change your password nor unadd your friends as my friends account is completely fine except it sent it to everyone on their friend's list. Hope this helps.

I had a gut feeling that this was a scam when I had a friend send it to me. I almost clicked it, but decided to wait a little bit. Then, a second friend got hacked, and I received the same exact message with very slight changes, and then I was 100% certain. Both got their accounts back, so that's a good thing.

People who is using discord should Tell discord/report this scam discord server or the virus

6 months later and I just fell for this scam. Great to see discord is on top of things

Update on AstraaDev 10-7-2022: Currently it seems like he took his github repo offline or private. My opinion: I agree with the idea that the makers of these tools should be looked at critically however, I do question if he really was malicious. He could have easily sold it without the repository being public. Making a repository public is a stupid move for a highly malicious user. The fact that he took it private now, but made it public to being with makes me question his intentions. Maybe he wasn't malicious after all, or maybe he only did so because he got caught?

For the Minecraft background music alone, this video is a 10/10

These are probably hacked servers thats why they have a lot of members

for a non scammer youtuber he sure knows alot about how to make a bot!!!

anyone else fell for it? :(

Thanks for the video. Got a DM from guy I played Tarkov with in another server with a server link to join. Wanted me to scan a QR code to verify the red alert in my head went off. Quickly searched on KZbin and looks like I was right.

I just got this scam message but didn’t scan the code. Thanks for making this video

I fell for this.And I've been paranoid since.

It's quite impressive that they got a simple QR code to token log people, I would love to see technical deep dives on these

you put a minecraft music, I legit almost cried, I hate you but I love you

Hope you'll make more videos talking about discord scams, they are great !

Thank you so much for this !!! It just happened to me and was very skeptical. Need to have more risk for Scamming

i hope they actually sue a scammer for 7 million one day

Your actually the goat, This helped so much thank you.

6:50 they should add it so, when you press the button, you will get redirected to a part of the login where there is the warning, and you will have to check the box where it has next to it "I understand and accept", and then after 5 seconds, you should be able to log in. Discord definitely should warn people with a proper message like i just described.

subscribed, just found you and your really underrated, you deserve atleast 500k subs with this content

Quick reminder to delete every auto sent message if you fall for it so your friens don't too

the admin in the group im in made a new script that auto deletes and mutes anyone that posts any of those kind of links or scam messages, it works well and its spooky when we see all the channels light up at the same time multiple times a day, but no message is there. its sad that the users have to implement this kind of stuff because the staff doesnt care

I got something similar, the one I got just said something like check general. Luckily I never clicked it but that’s a longer story on why. Thanks for making people aware. I hope Discord can better protect and handle this in the future. It makes sense why it keeps happening especially if they get income from it but sadly I do not see Discord suing, it’s happening to users not them. Only way they might is if people start saying they won’t use Discord due to the risk/issue.

Fun fact: A popular roblox games server got hacked (the owner scanned the code) and the 12k member server got redirected to the server and the original was deleted.

Wow this video is amazing. Discord seriously needs to watch this entire video and fix it

Thanks for this video, with all of your statements, I agree with them all and it’ll definitely discourage people to scam other people on Discord. I decided to like the video and Subscribe to your channel. I appreciate your hard work, and I hope the future ahead of us, will be better and less worrisome with less or no scams at all which is what I hope for. 😁