I ran a Discord selfbot script in Replit, but I'm puzzled about how the guy managed to get my token when I thought the code was clean and safe. I don't really have any experience with Replit, and while I've already reset my token, I'm just curious about how it could happen without any obvious malicious code or processes that send my token elsewhere. The token only exists in memory during script execution, so how did this occur?
3 Answers
For safety, it's best to develop your own bots. It's much easier than it sounds, especially with Python. You'll have better control and understanding of what your code is doing.
It makes things easier to understand if you can share the actual code for the bot you're using. Without seeing it, it’s tough to diagnose the problem accurately.
If your token was captured while running that script, it might not just be the main code you're looking at that’s the issue. There's a chance that a malicious dependency or package linked to the script is what did the trick. It’s always a good idea to review all parts of the code, including any libraries it might pull in.
I ran the script too, and I’m pretty sure it still logged my token. Even if it looks harmless, there could be hidden tricks in the dependencies.