DeFi Protocols Quit Discord as ‘Resolv’ Verification Scam Drains Wallets
Morpho and DefiLlama exit Discord as sophisticated ‘Verify and Die’ phishing campaigns target users via spoofed verification bots.
The Lead
The era of Discord as the town square for crypto communities is ending. Following a viral Reddit thread exposing a sophisticated “Verify and Die” phishing campaign, major DeFi protocols including Morpho Labs and DefiLlama have begun shuttering their public servers. The catalyst is a new wave of drainers masquerading as verification bots for the stablecoin project Resolv, luring victims to the spoofed domain discresolv.xyz. Once a user clicks “Verify,” a malicious smart contract silently strips their wallet of ETH and stablecoins via Permit signatures.
The Mechanism: ‘Verify and Die’
The attack vector is socially engineered, not technically novel. Users receive DMs or see announcements in compromised channels directing them to verify their identity to access a server. The phishing site, discresolv.xyz, is a pixel-perfect clone of the legitimate resolv.xyz. Instead of a signature for identity, the site prompts a permit approval, a gasless authorization that grants the attacker unlimited spending power over specific tokens.
Security firm Scam Sniffer noted that while overall phishing losses dropped 83% in 2025 to $84 million, the “Permit” signature remains the primary weapon for high-value drains. The sophisticated nature of the Resolv campaign has rendered traditional moderation tools useless.
The Institutional Exodus
The systemic inability of Discord to patch DM spoofing has forced a capitulation from top-tier DeFi teams. On January 14, Morpho Labs announced it would transition its Discord to “read-only” mode effective February 1, directing all support to a secure intercom system.
Discord makes it impossible to protect your users from getting scammed. Even if you ban scammers instantly they still DM users directly to scam them.
, 0xngmi, Founder of DefiLlama
DefiLlama has followed suit, abandoning the platform for support tickets. The move signals a broader shift: protocols are calculating that the liability of a community Discord now outweighs the engagement benefits. “Drainer-as-a-Service” providers, like the now-defunct Pink Drainer and its successors, have turned Discord phishing into a plug-and-play revenue stream for attackers.
Outlook
Expect more blue-chip protocols to follow Morpho’s lead. As phishing groups refine UI spoofing to be indistinguishable from legitimate apps like Resolv, the “Community Server” model is becoming an uninsurable risk. For users, the heuristic is simple: Never verify a wallet connection that requests a token allowance.
