Discord is Threatening to Shutdown BotGhost: The Enshittification of Discord.

BotGhost's response to Discord's breach notice and the future of the platform. Learn about the situation and what it means for users.

Monday, June 23 2025

This is not a post we ever wanted to make.

Discord has issued BotGhost with a formal breach warning and given us an ultimatum: find a completely new way to operate without using bot tokens by July 14, 2025, or the platform will be shut down. The catch? That alternative does not exist, and Discord has offered no guidance, no support, and no path forward.

We have spent the last 7.5 years building BotGhost, a platform used by millions, and suddenly, without warning, everything is at risk.

This post is long. Over 9,000 words, in fact. It is a full breakdown of what is happening, how we got here, and what it has been like trying to work with Discord as a developer for nearly eight years. It is part announcement, part post-mortem, part warning to anyone building something on this platform.

If you would rather skip the yappathon, you can head straight to the TLDR summary or the What You Can Do section for quick action items.

But if you care about how this happened, and what it means for you, your bot, or the future of building on Discord, we encourage you to read the whole thing.

What has happened?

A recent security breach on our platform brought BotGhost to Discord’s attention. As a result, Discord has issued us with a formal breach notice, citing a violation of their Terms of Service around our use of bot tokens to operate.

According to Discord, the violation stems from our use of bot tokens to operate BotGhost, something that has been a core part of how our platform works since day one. We are now being told we must find a completely new way to authenticate bots without using tokens. To our knowledge, no such method currently exists.

If we are unable to come up with an alternative solution by July 14th, Discord has stated that we will be shut down.

On top of that, Discord appears to be taking steps to reset or delete all applications ever associated with BotGhost, going back over our entire 7.5-year history. This includes users who may have only logged into our platform once, without ever deploying a bot or using any functionality. We have no idea how far they plan to go or what exactly they consider a “BotGhost bot,” because they have given zero information, zero technical clarity, and zero communication beyond generic copy-pasted responses.

We are trying to work with Discord and get answers, but so far, we are being met with silence and threats of platform-wide deletion with no roadmap, no discussion, and no real opportunity to fix things.

What is BotGhost TLDR

Providing this quick TLDR since this post will likely be seen by a lot of people who have no idea who we are.

• Started and bootstrapped in 2018 by a solo founder.

• Lets you build Discord bots without coding using a drag and drop builder. Think Scratch but for Discord bots.

• Created out of frustration trying to build my own bot.I realised beginners with no coding knowledge had no chance of creating their own bot.

• Designed to be an introduction to automation and programming. It is used as a stepping stone to building chat bots.

• Over 3 million users and bots created

• Handled 100 million+ commands used, buttons clicked and menus created.

• Used by high schools and universities to teach logic and programming fundamentals

• Built to bridge the gap between no coding knowledge and understanding basic programming logic.

What Discord is accusing and our response

We have recently received a formal notice from Discord alleging that BotGhost is in breach of Developer Policy 4, which prohibits the collection or solicitation of user credentials, including bot tokens. According to the notice, our platform must cease operations involving token collection within 30 days or face removal from the Discord Developer ecosystem by July 14, 2025.

We are publishing this statement to explain clearly and formally why we believe this action is unfounded, and to present our case for compliance under Discord’s own terms of service.

The Policy Cited

Developer Policy 4 prohibits developers from collecting, soliciting, or deceiving users into providing login credentials, including passwords or bot tokens.

This provision is primarily intended to protect users from malicious actors, preventing the creation of applications that deceive users into providing tokens for nefarious purposes such as hijacking bots, compromising accounts, or gaining unauthorized control over assets.

We fully support the intent and importance of this policy. User safety and platform integrity are vital. However, we believe this policy has been incorrectly applied to BotGhost, which operates transparently and in good faith under a model that is both common and permitted under Discord’s own terms.

The Service Provider Exemption

While Developer Policy 4 forbids general token collection, Discord’s official Developer Terms of Service provide an explicit exemption for Service Providers. These are platforms that act on behalf of developers to support the operation of their applications. The terms allow Service Providers to access and store tokens under the following conditions:

• The Service Provider accesses APIs and API data solely at the direction of the developer or user

• The tokens and API data are used only to operate or develop the application

• Tokens and API data are deleted when access is revoked or services are terminated

• The Service Provider does not use the data for any other purpose, including its own

BotGhost meets all of these conditions. Tokens are only provided by users voluntarily to operate their own bots. They are used exclusively to perform actions authorized by the user. No tokens are used to operate other bots or for any internal BotGhost functionality. When users delete their bots or accounts, all tokens are permanently removed from our systems.

Our Position

BotGhost is functionally identical in role and responsibility to platforms such as Replit, Glitch, Render, or AWS, where users are given the ability to host and operate Discord bots by storing API keys or bot tokens, typically as environment variables, and running code that interacts with Discord’s API.

However, while those platforms require users to write and deploy code, BotGhost allows users to build their bots through visual logic flows and configuration tools. Instead of uploading or executing code, users design action flows in our dashboard, which are then interpreted and executed by our backend infrastructure as real-time bot operations.

In practical terms, this means that BotGhost performs the same function as these hosting providers: it operates user-authorized bots using the credentials they provide. The only difference is how the user defines the logic, through a no-code interface instead of source code.

We do not scrape tokens, request them deceptively, or use them outside the scope of direct user instruction. Like any infrastructure provider, we store tokens as environment variables and use them solely to initiate and sustain the user’s bot instance, exactly as platforms like Replit or AWS would do when executing user-submitted code.

This is a long-standing and well-established approach across the Discord developer ecosystem. The use of tokens in this context is not a violation of policy, it is a technical necessity, and an industry standard.

To interpret this as a breach of Developer Policy 4 would be to treat every infrastructure platform, educational tool, or bot hosting service that uses environment tokens as inherently noncompliant. That is neither the original intent of the policy nor a fair application of the rules as written.

BotGhost has functioned transparently for more than seven years, with over three million bots created and hosted by users who explicitly authorized this access. No prior objections have been raised despite the operational model being fully visible, consistent with industry norms, and aligned with Discord’s own Service Provider framework.

This Is Not Unique to BotGhost

To further illustrate that this is not an isolated practice, we have compiled a list of other platforms, many of them among the largest developer platforms in the Discord ecosystem, that operate using the exact same architecture. These platforms either:

• Ask users to paste bot tokens into a dashboard

• Store bot tokens as part of a hosting or orchestration flow

• Run bots directly from user-supplied tokens via environment variables or secure config

These tools and services are widely used and form the backbone of much of the bot ecosystem on Discord. To penalize BotGhost while allowing identical functionality elsewhere represents an inconsistency in enforcement, not a violation in principle.

Below this section, we’ve attached a non-exhaustive list of comparable platforms that operate in the same manner. We believe this provides strong context for why our use of tokens is neither deceptive nor exceptional, it is aligned with what is considered both standard and acceptable practice within the Discord development community.

Our Request

We have requested that Discord formally recognize BotGhost’s operation as compliant under the Service Provider provisions outlined in their Developer Terms. We are fully willing to work with Discord to ensure continued alignment and security and are open to any adjustments that may be required to clarify our intent and implementation. However, we reject the implication that our platform is in violation based solely on the existence of token usage, without consideration of the context and safeguards in place.

We remain committed to compliance, transparency, and the long-term integrity of both our platform and the broader Discord developer ecosystem.

Other Services in Breach

We are including this section to provide a simple, factual list that shows how common it is for Discord-related platforms to use bot tokens in the same way we have. This is clearly not unusual or unique to BotGhost. It is standard practice across many well-known services in the ecosystem.

We are not calling for any of these platforms to be shut down or penalised. Many of them are valuable tools that support millions of users. However, the fact that all of them use bot tokens, some in identical or even more direct ways than we did, raises an obvious question: why have these platforms not received breach notices?

Discord is undoubtedly aware of how widespread this practice is. The platforms listed below are not hidden or obscure. They are public, popular, and in some cases directly promoted by Discord itself.If Discord’s Terms of Service and Developer Policy were enforced consistently, it is difficult to understand why only select platforms, particularly smaller ones, are being targeted.

This list is not meant to criticise these platforms. Some of these platforms have been instrumental in BotGhost’s success and have been amazing to work with and talk with. It is instead meant to demonstrate that what we were doing was entirely normal and that the current enforcement of Discord’s policies appears to be selective at best.

Mee6 (https://mee6.xyz) – 21 million servers

Source: https://mee6.xyz

Mee6 advertises a Custom Bot System where users can provide a bot token to self-host a version of Mee6. They provide step-by-step instructions on how to provide Mee6 with a bot token.

Dyno (https://dyno.gg) – 10.6 million servers

Source: https://dyno.gg

Dyno advertises a Custom Bot System where users can provide a bot token to self-host a version of Dyno. They provide step-by-step instructions through their ‘Setup Wizard,’ where a bot token must be added to create a custom bot. The guide can be found on their site.

Discord Bot Maker (Steam) – Usage not publicly disclosed

Steam: 2,339 reviews

Discord Bot Maker is a custom no-code bot creator and requires users to insert their bot token to have it hosted. It asks for and stores all user bot tokens. This is explained step-by-step through the Steam page and getting started videos.

Bot Designer for Discord (https://botdesignerdiscord.com/) – Over 2 million downloads

Source: NilPointer Software

Bot Designer for Discord is a custom no-code bot creator and requires users to insert their bot token to have it hosted. Bot Designer for Discord asks for and stores all user bot tokens. This is explained step-by-step in their documentation under "First Steps."

BotWiz (https://botwiz.dev) – 4,100 bots created

Source: Discord message

BotWiz is a custom no-code bot creator and requires users to insert their bot token to have it hosted. BotWiz asks for and stores all user bot tokens. This is explained step-by-step through their documentation.

Cookie API (https://www.cookie-api.com/) – 670,000 requests per month, 7 million lifetime

Source: https://www.cookie-api.com

The Cookie API requires users to enter their bot token to make use of their API. This is explained step-by-step through their documentation.

Autocode (Discontinued) – Reached 750,000 users

Source: LinkedIn Active: February 2016 to April 2024

Autocode was a discontinued custom bot creator project where users could code using Autocode’s custom library to make programming easier. To use the platform, users had to add their own application through their bot token.

Kite (https://kite.onl) – Over 1,000 applications

Source: Discord message

Kite is a custom no-code bot creator and requires users to insert their bot token to have it hosted. Kite asks for and stores all user bot tokens. This is explained step-by-step through their documentation.

Inventor (https://inventor.gg) – Usage not publicly disclosed

Community: Discord server with over 2,300 members

Inventor is a custom no-code bot creator and requires users to insert their bot token to have it hosted. Inventor asks for and stores all user bot tokens. This is explained step-by-step through their YouTube channel.

Bot Studioo (https://www.botstudioo.com/) – Usage not publicly disclosed

Bot Studioo is a custom no-code bot creator and requires users to insert their bot token to have it hosted. Bot Studioo asks for and stores all user bot tokens. This is explained step-by-step through their documentation.

Bot Maker for Discord (Steam) – Usage not publicly disclosed

Bot Maker for Discord is a custom no-code bot creator and requires users to insert their bot token to have it hosted. Bot Maker for Discord asks for and stores all user bot tokens. This is explained step-by-step through their documentation.

Shapes Inc. (https://shapes.inc/) – 30 million users

Source: X/Twitter post

Shapes Inc. was a custom no-code bot creator that required users to insert their bot token to have it hosted. Unlike others, Shapes Inc. was forced to cease operations by Discord due to a violation of Chapter 4 of the Discord Developer Policy.

However, this is the same policy that platforms like Mee6 and Dyno have been openly breaking for years. Shapes Inc. reached out to Discord and proposed secure authentication methods that would allow all platforms, including Mee6, Dyno, and Shapes Inc. to operate in compliance with Discord’s policies. They received no support. Only the smaller company, Shapes Inc., was forced to shut down, while larger platforms were allowed to continue unchanged.

Security Notification Transparency

We want to be transparent about the security issues that were reported and how we addressed them. These vulnerabilities were real, and some were serious. We are not excusing them, they should never happen. But we believe it’s important to provide context.

Security issues like this are more common than most people think. In most cases, they are quietly reported, patched quickly, and handled behind the scenes through standard bug bounty processes, even at companies like Discord, Google, Microsoft, and Facebook. What matters is how you respond. And we responded immediately, responsibly, and transparently.

Summary of the Breaches

• Interaction Token Vulnerability An unescaped variable in an interaction token allowed users to edit a message and force the bot to send a button. If clicked, this button could trigger a PATCH request to a Discord endpoint and return a bot token. While real, this issue was limited and difficult to exploit. Most users were unaffected. All affected users were contacted directly and immediately. We issued personal apologies and provided compensation. Every user we spoke with was satisfied with the response and understood that these things occasionally happen.

• API Route Vulnerabilities Legacy API routes in our backend were discovered to have weaknesses that could be abused to retrieve sensitive data, including bot tokens. These routes were patched within hours of the report. We estimate that fewer than 100 bots were affected out of the millions created on BotGhost over the years.

How We Handled It

• All issues were fixed as soon as they were discovered

• We worked directly with the reporters via group chats to understand the problems and confirm the fixes

• Bug bounties were offered and paid to those who reported responsibly

• We had planned to publicly announce these fixes along with a full token reset, a new security page, and a professional audit

• That plan was paused when Discord issued a separate breach notice against us regarding token usage, which became our top priority

Security Breaches Are Common Even for Major Platforms

• Security vulnerabilities happen, even to the largest and most well-resourced companies

• You can visit haveibeenpwned.com to see how widespread this problem is

• Discord has also experienced significant security incidents, such as:

  • Discord Support Agent Breach in March 2023, which exposed up to 180 user-submitted support tickets

  • Discord.io Data Breach in August 2023, which exposed data for approximately 760,000 users

• Major companies like Google, Microsoft, and Meta have paid millions in bug bounties for similar reports

• This is the industry norm what matters most is the response

Important Clarification

• Discord’s current enforcement action against BotGhost has nothing to do with these vulnerabilities

• Their stated concern is focused entirely on our use of bot tokens

• We have received no indication that the reported security issues influenced their decision in any way

Full timeline of Events

We want to be completely transparent with our users about the situation surrounding Discord's recent actions and provide a clear timeline of what has occurred behind the scenes. There has been a lot happening, and it is important that we share the full story. These events span from late May to today.

Temporary Absence and Initial Quiet Period

During this time, I was overseas with my family. This explains why I had been quieter than usual and why there had not been any new feature releases or platform updates.

Initial Vulnerability Report

A user reported a vulnerability related to interaction tokens. Unfortunately, the original report was sent to our spam folder and went unnoticed. I later received a direct message from Dax, who brought the issue to my attention.

Upon learning about the vulnerability, I immediately returned to my hotel and applied a patch within 45 minutes. I offered the reporter a bug bounty for responsible disclosure. I also recorded this fix, along with a number of other small changes, in a notepad with the intention of announcing them together in a future update as normal.

Involvement of NTTS and Public Disclosure

The reporter also contacted NTTS, a well-known content creator in the Discord space. NTTS reached out to me with some questions. At the time, I was travelling on a train at night, and the conversation unfortunately became somewhat tense due to the timing and lack of progress.

Ultimately, we both acknowledged the unproductive nature of the exchange. NTTS went on to publish a video explaining the issue. His coverage was largely accurate and fair.

First Contact from Discord

Shortly after the NTTS video, I received an email from Discord referencing the interaction token breach. The message was sent at 7:00 PM and stated that I was required to respond by 11:30 AM the following day.

If I failed to meet that deadline, Discord said they would delete my account, the BotGhost application, and all associated accounts.

The timeline was incredibly unreasonable. I was travelling overseas with my family at the time and had just sat down for dinner. I left immediately and returned to my hotel to begin working on the response. The form Discord required me to complete was extensive, containing 18 questions and requesting a large amount of technical information and context.

I managed to submit the full response that same evening.

To this day, I have never received a reply or any kind of follow-up from Discord regarding that submission.

If I had been at home in Sydney at the time, I might have missed the deadline entirely due to the time zone difference. The notice landed at 7:00 PM PST, which would have been 12pm the following day in Sydney. For such a serious threat, the lack of flexibility or support was alarming.

Additional Vulnerability Reports Sparked by NTTS Video

NTTS’s video brought increased attention to our platform, particularly from white-hat hackers and independent security researchers. We received probably around 60 reports in 48 hours with 58 of them amounting to nothing. Some of them however discovered vulnerabilities in older API routes that could lead to token leaks among other things that were indeed serious.

At the time, I was far from my hotel. I joined a group chat with the reports while walking five kilometres back and passed along the findings to one of our developers so they could begin applying fixes immediately.

All identified issues were fixed straight away. The researchers initially requested a bounty in the range of 600 to 1,000 USD. I offered and paid 2,500 USD as a token of appreciation for their help and responsible reporting.

Planning for Broader Security Improvements

It became clear that a full security audit was necessary, along with a proper system for resetting bot tokens across the platform.

I began making arrangements with a security professional who shares my coworking space back in Sydney. Their role would be to conduct a thorough audit of BotGhost's backend, API, and dashboard.

At the same time, I explored how to securely reset all bot tokens. Unfortunately, the only method currently offered by Discord involves committing them to a public GitHub repo, which is not a viable or secure option.

I formally requested from Discord a way to regenerate tokens and followed up on my earlier email, which remained unanswered. Internally, we began developing a solution to force token regeneration, assuming we would continue receiving no response from Discord.

We also started building a new security page, crafting a user-facing announcement, and selecting a timeline for the rollout for when I got back.

Continued Lack of Communication from Discord

Despite our continued outreach, we received no response from Discord. Based on our prior experience, we assumed this would remain the case. (Further details are shared in a later section.)

Discord’s Friday Evening Email

We then received another email from Discord, which was scheduled to be delivered at exactly 7:00 PM PST on a Friday evening. It contained a notice regarding the token breach but failed to acknowledge anything from our previous responses. The email was entirely centered around our use of tokens to operate. It seems as though by requesting a way to reset tokens they became aware we used tokens to operate. It did not answer any of our follow-up questions, matters around the security breach or any other update.

Instead, it simply demanded that we resolve the situation within 30 days. There was no context provided. The timing felt deliberate, possibly to avoid engaging over the weekend. It reminded me of how companies often choose to deliver difficult news late on Fridays.

Immediate Response From the Airport

I replied to Discord from the airport, again requesting clarification. I attached screenshots and prior conversations with various Discord employees, including instances where we had received explicit confirmation that our use of bot tokens was permitted and that we were recognised as a legitimate hosting provider. I also provided information on other services that would apparently be in breach (which are listed above). At this time I assumed that this employee didn’t really understand how platforms operate on Discord especially around tokens.

Preparing for the Worst

For the following week, I received no response. During this time, I began preparing for the possibility that BotGhost may be forced to shut down.

I contacted my accountant to seek advice on winding down the business, and spoke with the people who work for me, including server admins and contractors who rely on income from BotGhost. I also began consulting with mentors, other platform founders, and Discord employees to better understand our position and the next steps.

All feature updates were paused, and I began compiling a complete overview of the situation for the purpose of transparency and planning. During this time I constantly asked for follow ups to only receive brick walled scheduled emails simply asking for the master list of application ids.

Outreach to the Wider Discord Platform Ecosystem

Myself and Fabian reached out to every other major platform in the Discord ecosystem, including those much larger than BotGhost, to ask whether they had experienced similar issues or had contacts at Discord (literally every platform you could think of).

The overwhelming response was that they too had no real contact with Discord, and most felt they were operating entirely at Discord's often misapplied discretion. Every founder I spoke with shared similar frustrations. They also warned me that the request for the application ids was most likely an attempt to get a master list of ids that they can then use to shut down BotGhost similar to what happened with Shapes.

Repeated Follow-Ups and Demands

Every two days, I followed up with Discord with a simple request for any update.

The only responses I received were generic replies asking again for a master list of application IDs.

Further Communication With Founders and Discord Employees

During this time, I continued reaching out to other founders in the Discord space as well as several employees at Discord through unofficial channels.

The consistent feedback I received from these conversations was that most people genuinely did not understand what the issue was. Multiple founders shared that the way we handled bot tokens, including the so-called “token solicitation,” was common practice across many platforms. There was a general consensus that we were not doing anything out of the ordinary, and certainly nothing malicious.

Even some Discord employees I spoke with appeared confused about the situation and were not fully aware of what was happening internally.

Because of these conversations, I remained hopeful that Discord would acknowledge the work we had already done to resolve the issues, remove the breach notice, and ask us to reset all user tokens as a precaution. We were fully prepared to do that. It seemed like a logical and fair outcome.

What followed, however, was quite different.

Final Ultimatum From Discord

Eventually, I received a response stating that Discord had reviewed my previous messages and determined that we remained in breach. They threatened legal action if we did not provide the requested application IDs. Once again this email was scheduled to be sent at the end of day Friday night (7pm PST). It seems this employee only sends important information before a weekend so they don't have to respond again for a few days.

They also stated that Discord would delete every bot ever associated with BotGhost, effectively wiping out over 7.5 years of platform history.

In response, I began preparing all relevant documentation, backend adjustments, and the full list of application IDs. I included a formal warning and heads up to Discord, noting that this list includes eight years of bot IDs and that 99.9 percent of them are no longer associated with BotGhost in any way and my intent to provide the list by the end of Monday 23rd June PST time.

What I Think Happened

This is speculative, but based on our experience and the way this has unfolded, here’s what I believe happened internally at Discord:

• A security report was filed. This could have come from the original bug reporter, NTTS himself, or simply someone who watched their video. Maybe someone at Discord is just a big NTTS fan. Regardless, the vulnerability disclosure drew attention.

• The report landed with Discord Developer Compliance. This team handles developer compliance issues specifically related to bots and apps. Their day-to-day job is simple: ban bots, ban apps, repeat. It’s like the old saying: if all you have is a hammer, everything looks like a nail. If your entire job is revoking apps and reviewing abuse reports, eventually everything starts to look suspicious, especially when you don't deeply understand how these platforms work.

• They fired off a basic form request. We got a generic form asking for more information, which we responded to immediately with full transparency. But because this team likely deals with hundreds of these a day, our reply probably got buried under a pile of unrelated abuse reports, token phishing apps, and general bot spam.

• A week later, I followed up. I emailed asking if Discord had a way to mass reset bot tokens. That likely triggered them to look at our platform more closely. They Googled BotGhost, saw that we allow users to paste in bot tokens, and decided that was a violation of Developer Policy 4.

• Then came the breach notice. They scheduled it for 7 PM on a Friday (for reasons unknown), and it focused exclusively on our token usage. The wording was strange, they referred to bot tokens as "user authentication tokens" and even “passwords,” which strongly suggests they don’t fully understand how bot tokens are used, or what BotGhost actually does.

• From there, it was just procedure. Over the following weeks, I sent several follow-ups asking for clarification, assistance, or any pathway to comply. Nothing. Because their job is not to assist developers, it's to process violations and move on. They don’t seem to grasp the scope of our platform, our user base, or what shutting us down would mean to millions of users.

• The focus remained singular: tokens. To them, a breach equals a token reset. A token reset equals a violation. And that’s all they see. The nuance, the intent, the industry standards, none of that factors into their response because their only objective is to close the ticket and move on to the next ban.

The nightmare of building on Discord for 7.5 years and the enshittification of Discord.

We are including this section to explain one of the most frustrating parts of this entire process, the complete and total lack of communication from Discord. This has not just affected us. It is a widespread problem that nearly every developer and platform in the ecosystem has experienced at some point.

Despite third-party developers being absolutely foundational to Discord’s success, Discord has created an environment where working with them is incredibly difficult, if not impossible.

No Support Channels, No Contacts, No communication

There is no formal way to speak to anyone at Discord about serious developer issues. These are not minor problems. The majority of the tickets we have submitted have been requests for clarification around the Terms of Service and Developer Policy, often in situations where even a small misunderstanding could lead to a breach notice or shutdown.

But instead of being able to speak to someone from a developer support team or even a basic human contact, we are forced to submit these requests through the same general-purpose form that every regular user uses: support.discord.com. There is no developer-specific support channel. No dedicated team. No account manager. No public contact point for anything developer-related.

Over the past few years, we have submitted numerous tickets through this form. Our average response time has been eight months. This is not a one-off case. That is the average across multiple tickets.

When we do eventually receive a reply, it is often inconsistent or contradictory. On one ticket, we received multiple responses from different staff members who gave entirely different answers. One response said we were in the clear. Another, a few days later, said the opposite, with no acknowledgement of the previous message.

The response you get depends entirely on which Discord employee happens to open your ticket. There is no consistency, no shared context, and no accountability. You cannot ask for clarification. You cannot request escalation. You cannot speak to anyone directly.

These decisions are not trivial. They impact entire platforms, communities, and businesses. Yet there is no structured process for resolving them. Just a broken support form and silence.

As an example, these responses below are all the responses to the same ticket.

Autoclosed Tickets and No Responses

One of the most frustrating patterns we have seen is how often our tickets to Discord support simply vanish. In the vast majority of cases, around 9 out of 10, we receive no response at all, or the ticket is silently and automatically closed without any explanation.

This happens consistently, and almost always when the issue is actually important. Any ticket that raises a serious or uncomfortable question, whether it is a Terms of Service clarification, a follow-up on a previous staff response, a feature request, or a report of targeted harassment or DDoS attacks is likely to be ignored or auto closed. The general rule of thumb we have found is that if the question is difficult to answer, no answer will be provided.

Personally, I have submitted more than 18 separate tickets over the past three years asking for clarification around Terms of Service or policy questions. Of those, 16 were either closed without any response or replied to with a generic message saying, "we cannot help you." These were thoughtful, legitimate questions sent in good faith, and they received no meaningful engagement whatsoever.

We have also reported extremely serious incidents, including harassment, doxing, and DDoS attacks targeting our team and users. Some of those tickets were closed immediately after submission, without ever being looked at. Others sat unanswered for months before being closed silently.

There was no follow-up, no escalation path, and no support.

This led us to start reaching out to other developers in the space to see if they were dealing with the same thing. Almost everyone we spoke to had similar stories. Whether they were running some of the largest platforms on Discord or small community projects, they were being ignored, dismissed, or stonewalled when trying to get real answers or help.

For people who are genuinely trying to build on Discord and do things the right way, this is incredibly frustrating and deeply concerning. It feels like you are being left in the dark, with no way to get help, even when you are actively trying to stay within the rules.

Group Chats: A Community Left to Solve Its Own Problems

Over time, informal group chats have sprung up between developers across the Discord space. These chats exist solely to try to figure out how to get Discord to respond and to share information when they do.

We share tactics. We compare the tone of responses. We try to reverse-engineer what kind of language might get picked up by a human instead of a bot. In many cases, we are simply trying to guess the rules because there is no reliable official documentation, guidance, or communication about what is allowed and what isn’t.

These chats are filled with people trying to run platforms that serve millions of users and we are all spending more time trying to get a reply from Discord than we are building features or supporting our communities.

Contacting Discord Employees Through External Platforms

Because the official support pipeline is essentially unusable, we have had to resort to reaching out to Discord employees directly on Twitter, Twitch, Slack, LinkedIn, and alternative Discord accounts.

In most cases, these employees were helpful and genuinely tried to assist. But nearly every conversation came with a disclaimer:

• “This stays between us.”

• “Off the record.”

• “You didn’t hear this from me, but…”

• “It should be fine, but I can’t promise anything.”

This is the only way we were able to get any kind of clarity at all. And even then, it was informal, inconsistent, and never something we could rely on. These off-the-record comments often conflicted with the official responses (if we got one at all), and left us in a position where we were afraid to move forward in any direction.

This is not how a developer ecosystem should function. No one should be forced to track down employees on unrelated platforms just to understand whether they are in breach of rules that are not clearly defined to begin with.

Most Platforms Have Partner Managers. Why Doesn’t Discord?

One of the most confusing and frustrating parts of this experience is that nearly every other major platform provides direct, timely support for developers, creators, or businesses operating at scale. This is standard practice across the tech industry and something builders have come to expect.

• Twitch has dedicated partner managers for streamers

• YouTube provides creator support and account representatives

• Stripe offers fast, developer-focused support. I have personally reported bugs and received thoughtful replies in under 12 hours, sometimes with fixes already deployed. I have a dedicated person at Stripe I can contact at any time.

• AWS responds to support tickets from any user in under 24 hours. I have a dedicated person at AWS who I can contact at any time.

• MongoDB has assigned me a dedicated partner manager who I can contact directly at any time for any reason. At any time I can schedule a zoom meeting with a real person to go over any problems I am facing.

• Zendesk has dedicated support for bigger accounts. We have a dedicated account manager who we can contact directly at any time for any reason.

• Google Cloud, Shopify, Notion, and many others offer success managers, account reps, or priority support for growing teams

• Even many smaller SaaS products offer onboarding calls, dedicated support channels, or at the very least, a direct email address. Virtually every saas product I use I have a direct line to someone if I am having problems.

BotGhost is not a niche or hobby project. We have been operating since 2018 and have a large, active user base that relies on our platform every day. Despite this, we have never been offered a partner contact, developer liaison, or even a reliable way to speak to a real person at Discord.

Ironically, this situation marks the first time in 7.5 years that Discord has ever reached out to us proactively. Every other conversation or support ticket we have had with them was initiated by us, often after months of delays or auto-closed responses.

To be clear, we are not demanding special treatment. We are simply pointing out how out of step Discord’s approach is compared to nearly every other major platform. For those of us who have spent years building tools that genuinely support and expand the Discord ecosystem, it often feels like we are being left out in the cold with no guidance and no support.

The Enshittification of Discord

What we’re experiencing is not just a BotGhost issue. It is part of a broader decline in how Discord treats its developers, users, and community. What used to be a platform built for communities and by developers is quickly becoming a product shaped by executives and investors, moving toward an IPO at the cost of transparency, utility, and trust.

There is a growing fear, both inside and outside the company, that Discord is undergoing what many have called enshittification, a term used to describe what happens when platforms prioritize monetization and investor returns over users and creators.

This is not just our opinion. A quick search online turns up countless articles, Reddit threads, videos, and even quotes from Discord’s own leadership acknowledging the problem.

Evidence and Growing Concern

• Reddit discussions highlight recent changes that echo Reddit and Twitter's decline in user experience Reddit thread discussing Discord's decline

• Layoffs, ads, and IPO pressure: Discord recently laid off 17 percent of its staff and is pushing mobile video ads and "Quests," a move widely seen as signaling a shift toward investor over user The Verge: Discord lays off 17 percent The Verge: Discord testing mobile ads

• Leadership upheaval: Discord’s co-founder and CEO was quietly removed, and the new CEO previously led Activision, a company not known for user-first decisions Kotaku: Discord, Reddit, IPO, and the user experience Bellular Games on Discord’s decline

• Even Discord’s own co-founder is concerned: The company’s former CTO, Stanislav Vishnevskiy, said in an interview that he constantly brings up the risk of enshittification in meetings Engadget: Discord's CTO warns of enshittification Ars Technica: Internal concern over enshittification

• The Shapes shutdown sent shockwaves through the developer community. Discord took down the platform with no notice, despite it operating the same way as much larger services like MEE6 and Dyno Community outcry over the new username system Shapes response to their shutdown. Warning developers away from Discord.

• Video commentary on the issue is growing, with creators expressing deep concern about the direction Discord is heading “Discord is getting worse” – YouTube “The fall of Discord” – YouTube

• Broader coverage is emerging about how Discord is prioritizing monetization and brand safety at the expense of community and innovation Redact: Will Discord’s IPO ruin it?

We are not alone in this. There is growing unease across the ecosystem from developers, moderators, educators, creators, and even internal voices that Discord is abandoning the very people who made it thrive.

Our Response and Commitment Over the Years

Before we talk about next steps or subscriptions, we want to thank everyone who has supported BotGhost and BotPanel. Whether you subscribed, created a bot, used it in a classroom, or just tried it out, thank you. We wouldn't have come this far without you.

This project has never been a hobby or weekend experiment. It has been seven years of daily work. I’ve worked on BotGhost during holidays, on trips, and in the middle of the night. We even set up a system where Fabian can trigger a command that turns every light in my apartment red and sets off an alarm if something breaks overnight.

BotGhost has been part of my daily life for the past seven and a half years. It’s something I’ve lived and breathed every single day.

BotGhost exists because of a team of people who have dedicated huge amounts of time and effort. Dax, Fabian, Matt, Barney, Vez, Sloth, our managers, moderators, and support team have all contributed thousands of hours to this project. On most days, they have put in more work than I have.

Our users have done just as much. Millions of hours have been spent building bots, creating custom commands and events, testing features, and helping others. BotGhost has been used in university classrooms as a way to teach logic flow and introduce students to programming. For many people, it has been their first real experience creating something on the internet.

All of that is now at risk. Not because the product failed, or the users left, or we stopped caring. But because a few people at Discord decided to interpret vague Terms of Service rules without explanation, consistency, or any way to comply.

We are more than willing to work with Discord. We have always been willing. We have reached out multiple times, made the necessary fixes, and started preparing to improve everything further, including a token reset and full security audit. This is the first time in seven years we have ever faced an incident like this. We responded quickly, took responsibility, and worked to resolve it. What more were we supposed to do?

Instead of being given a path forward, we have been left in silence. Meanwhile, other platforms, including much larger ones like MEE6 and Dyno, continue to operate using the exact same token flows we are being penalised for.

With Discord preparing for an IPO and a new CEO taking over, things have become worse. Developer support is shrinking. Enforcement is more aggressive. The platform is becoming harder to build on, not easier. And people have noticed. Concerns are growing within the community, like in this post.

We are not trying to fight Discord. We are trying to help build it. All we have ever wanted to do is improve the ecosystem and give users more tools to create great things. Instead, we have been treated like a threat. Like criminals. Thrown away with no conversation, no chance to adapt, and no recognition for the millions of hours poured into making this platform better for everyone.

This is not just about us.

We know how many servers and communities have been built using BotGhost. We have seen the custom commands, the event systems, the fun and useful bots that kept things running and brought people together. We know how much time and effort our users have invested into building something meaningful on top of this platform. All of that work is now at risk, and none of it deserves to be thrown away like this.

What Will Happen If This Decision Is Not Reversed

If Discord does not reverse or clarify their position, we want to be clear about what you can expect. These are the direct consequences based on the current situation.

• Discord is threatening to delete all applications associated with the BotGhost platform, similar to what they did with Shapes Inc.

• Their messaging is vague. We have no idea what they actually plan to do with the application list they requested.

• They have provided no guidance, no explanation, and no path to compliance, only vague threats and deadlines, as you can see from the emails we shared above.

• Discord will most likely reset all tokens. But we have no idea which bots will be reset, when it will happen, how it will be done, or who will be affected.

  • No information was given on whether it applies only to active applications, all applications ever created, or all users who have ever logged into BotGhost.

• They are not directly saying "shut down" but are requiring us to find a new way to authenticate bots, which does not currently exist.

• If Discord does not reverse or clarify this decision, BotGhost will be forced to shut down by July 14, 2025. This will happen with certainty.

• Because BotGhost is a no-code platform, we cannot export your bot’s logic, settings, or structure.

• If the shutdown happens, all user data will be permanently lost. There is no recovery or migration path available.

What You Can Do

If you use BotGhost, or have used it in the past, this decision directly affects your bot.

Discord is not just taking action against our platform. They are taking action against the bots we host, which includes yours. If BotGhost is forced to shut down, your bot will stop working. Your settings, custom commands, custom events, market commands, market events and any work at all hosted on BotGhost will be lost. Because BotGhost does not produce code, there is no way for us to export your bot's configuration.

We’ve already fixed the issues, reached out to Discord, and followed up multiple times without any resolution. At this point, the only way Discord is likely to reconsider is if they hear directly from you.

Discord Has Invited You to Appeal

Discord has invited our users to appeal this decision. You do not have to do this, but if you want to keep your bot working, or if you believe Discord should apply its Terms of Service consistently, now is the time to say something.

Appeal link: https://support.discord.com/hc/en-us/requests/new

Even a short message is enough. You are not required to write anything lengthy.

What to Say

We do not want to provide you a template you can simply copy paste in your appeal. We think it will be much more valuable if you share your experiences and thoughts on the matter directly with Discord. You can include any of the following points in your appeal:

• I host my bot through BotGhost. If the platform is shut down, my bot will stop working and I will lose everything I created.

• There is no export option. My configuration, logic, and data cannot be recovered elsewhere.

• Why is BotGhost being targeted while other platforms using bot tokens continue to operate?

• BotGhost fixed the reported issues. They’ve requested clarification and received no response. Why is there no path to compliance?

• Please reconsider this decision or give BotGhost a clear way to meet Discord’s requirements.

If you dont know what to say you can simply reword what we have said about the situation. Adding your voice to ours helps tremendously.

Other Ways to Help

• Retweet and Share We will post our full statement on X (Twitter). Share it. Retweet it. The more visibility this gets, the better. Twitter (X) Post

• Share Your Experience If BotGhost helped you create something, learn programming, or run your community, explain that. Even a single sentence helps.

• Tell Others If you know someone else using BotGhost, let them know what is happening. They may want to file an appeal as well.

This is not just some random company being affected. It is your bot and your work.

If you want to keep it, speak up now.

What We Will Be Doing Moving Forward (If We Do Not Receive a Response)

We want to be fully transparent with our users about the steps we’ll be taking if we do not receive a clear resolution or communication from Discord.

• We will be switching off all bots until Discord takes action, such as resetting tokens or formally communicating what their next steps are

  • Our backend cannot safely handle a sudden token reset of every bot and every user trying to regenerate it at once

  • If this happened all at once, we would be rate limited by Discord immediately, which would cause platform-wide issues and disrupt users even further

• Once Discord has taken action and we are able to safely proceed, we will switch bots back on and continue operating as normal, but pause all new subscriptions while we assess the situation

• We will provide regular updates and full transparency about our communication with Discord here in the server, so users are never left in the dark

• If we do not receive a resolution by July 14th, we will proceed to fully disable the platform and begin the process of issuing refunds to affected users

  • What the refund process will look like is not yet fully determined, but we will keep everyone informed as we work through it

We are still hoping for a fair and reasonable outcome. But if we do not receive any form of communication or action, we are prepared to act in the best interest of our users and community.

TLDR: What’s Happening With BotGhost and Discord

• Discord issued a breach notice to BotGhost, claiming the platform violates Developer Policy 4 by handling bot tokens, which has been a core part of how BotGhost has worked since 2018.

• BotGhost has always operated transparently, using tokens only when provided directly by users to run their own bots. This model is identical to other platforms like Replit, Glitch, and AWS, where users deploy bots using environment variables.

• This enforcement seems selective. Major platforms like MEE6, Dyno, and many others use the same or more direct token-based methods, yet only BotGhost and one other platform (Shapes Inc.) have received takedown threats.

• If Discord does not reverse or clarify their position, BotGhost will be forced to shut down by July 14, 2025. This includes deletion or token resets for all bots ever associated with the platform.

• We don’t know how far Discord will go. They’ve requested a full list of all bot application IDs ever used on BotGhost but haven’t told us what they’ll do with it, when, or how. No instructions, no technical explanation, no roadmap, and no communication beyond vague threats.

• No path to compliance exists. Discord is demanding we stop using tokens to authenticate bots but has not provided an alternative method that works.

• BotGhost cannot export bot configurations due to its no-code structure. If shutdown happens, all bots and user data will be permanently lost.

• The trigger for this enforcement was a security vulnerability (now fixed) reported by white-hat hackers. It affected fewer than 100 bots out of millions and was handled swiftly and responsibly with direct outreach, bug bounties, and fixes.

• We had already planned a full security response including token resets, a public announcement, and a professional audit before Discord responded with breach notices unrelated to the security issues.

• Discord support is broken. Average ticket response time is 8 months, most tickets are ignored or closed without explanation, and there is no way to speak to a real person. Developers rely on group chats and private messages to Discord employees to get answers.

• Discord is racing towards enshittification. Discord's broader decline is causing concern across the developer and user community, with increasing layoffs, monetization shifts, poor communication, and inconsistent enforcement of rules. Even Discord’s own co-founder has raised internal alarms about the platform’s enshittification.

• We’ve tried everything. We responded to every notice, reached out repeatedly, provided explanations and documentation, and offered full cooperation. The only replies have been demands for application IDs.

• BotGhost has served over 3 million users, handled over 100 million commands, and helped countless people learn logic and programming, including in schools and community servers.

• This is not just about us. Your bot is at risk too. If you ever used BotGhost, even once, you could be affected.

What You Can Do

• Submit an appeal to Discord (link in our post). Even a short message helps. Share how BotGhost helped you and why your bot matters.

• Ask for fairness. Why is BotGhost being targeted while larger platforms that do the same thing continue to operate?

• Help spread the word. Share the situation, retweet our post, and tell other users.

• This is not just about one company shutting down. It’s about an entire platform and the community around it being discarded without conversation or clarity.

In Closing

We’ve built BotGhost over 7.5 years with care, transparency, and a deep respect for Discord’s ecosystem. We’ve followed the rules as best as we understood them, based on guidance from Discord themselves. This situation is confusing, frustrating, and deeply disheartening, not just for us, but for the millions of users who built something meaningful on our platform.

We’re not looking for special treatment. We’re asking for fair, consistent enforcement and the chance to keep doing what we’ve always done: help people create, learn, and grow on Discord.

Thanks for reading.

Thomas Adam (Founder@BotGhost)

[email protected]