Improving Discord Security and Communication Across the Compound Ecosystem

Hi everyone, I would like to raise several concerns regarding the current state of security and communication within the Compound Discord community.
This message is directed to the Security Service Providers (ChainSecurity, Certora, and ZeroShadow) as well as the broader governance community. Since security responsibilities transitioned from the OpenZeppelin team in September, my understanding is that the SSPs mentioned above (@ioannis_csec) are now responsible for Compound’s overall security, and I assume the Discord server falls within this scope. Over the past months, the server has experienced a significant rise in bot and scam activity, requiring the removal of approximately 30–40 malicious accounts each day.

The first issue is the need for a stronger onboarding barrier. Implementing a verification system such as a captcha-based verification bot or reaction-gated entry would help prevent automated bot accounts and block users with known scam-link patterns before they gain access to the server.

The second issue concerns internal moderation tools. I suggest automated link filtering, rate-limiting for newly joined users, keyword-based scam detection, and a brief “quarantine mode” restricting new accounts to limited channels. These measures would substantially reduce spam activity and limit the damage malicious users can cause, even if they bypass initial safeguards.
I previously discussed using the Dyno bot with Torrey, but due to valid constraints it could not be implemented. In the meantime, I continue to monitor the message logs and track users who post and delete scam content. Strengthening verification and moderation automation would greatly enhance server safety and reduce the daily volume of malicious accounts we currently manage.

Beyond security, I would also like to highlight a broader communication gap that affects community visibility and engagement.
Discord is the second most active platform for Compound after the governance forum, yet the announcement channel remains underutilized.
Consistent use of this channel to share updates, governance milestones, and relevant ecosystem developments would improve real-time communication for community members. More generally, Compound’s official social media presence has become noticeably inactive, particularly on Twitter, which limits visibility and makes it difficult for users and contributors to stay informed. With Compound Labs currently managing Discord and Twitter, and the @Compound_Foundation expected to assume full ownership of the Discord server in the future, improving communication across these platforms should be considered a high priority. Strengthening these channels would increase transparency, reinforce community trust, and enhance accessibility to important updates.

I have been managing the Compound Discord server for over a year through the grants program, which has now concluded, and the issues outlined above represent the most significant challenges identified during that period.
Addressing Discord security and improving communication practices would meaningfully enhance the community experience and reduce operational risks across the ecosystem. I am fully prepared to work collaboratively with the Compound Foundation or the Labs team to help develop and implement effective, long-term solutions.
I hope this post opens a productive discussion on prioritizing and implementing these improvements.

3 Likes
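The four moderation controls proposed in the post above (link filtering, rate-limiting for newly joined users, keyword-based scam detection, and a quarantine mode) can be combined into a single per-message decision. The sketch below is an added example, not part of the thread and not the configuration of any bot named in it; every domain, keyword, channel name and threshold is a constructed assumption.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample policy values (assumptions, not Compound's real settings).
ALLOWED_DOMAINS = {"example.org"}
SCAM_KEYWORDS = ("airdrop", "claim your", "support ticket", "validate your wallet")
QUARANTINE_SECONDS = 24 * 3600                  # how long an account counts as "new"
QUARANTINE_CHANNELS = {"verification", "newcomers"}
NEW_USER_RATE = (3, 60)                         # max 3 messages per 60 s while new
URL_RE = re.compile(r"https?://[^\s<>]+", re.I)

@dataclass
class Member:
    joined_at: float
    recent: list = field(default_factory=list)  # timestamps of recent messages

def domain_allowed(url):
    # Compare the parsed hostname, so "example.org.evil.test" does not pass.
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

def moderate(member, channel, text, now):
    """Return (action, reason); action is 'allow', 'delete' or 'flag'."""
    is_new = now - member.joined_at < QUARANTINE_SECONDS
    if is_new and channel not in QUARANTINE_CHANNELS:
        return "delete", "quarantine: channel not open to new accounts"
    if is_new:
        limit, window = NEW_USER_RATE
        member.recent = [t for t in member.recent if now - t < window]
        if len(member.recent) >= limit:
            return "delete", "rate limit for new accounts"
        member.recent.append(now)
    bad = [u for u in URL_RE.findall(text) if not domain_allowed(u)]
    if bad:
        return "delete", "link outside allow-list"
    hits = [k for k in SCAM_KEYWORDS if k in text.lower()]
    if hits:
        return "flag", "scam keyword: " + hits[0]
    return "allow", "ok"
```

Keyword matches are flagged for human review rather than deleted, since ordinary messages can contain the same words.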

Thank you for raising this! We should prioritize it. On behalf of the SSP team, we’d be happy to work on improving the security of the Discord server.

2 Likes

Discord Security Update

The Problem

Our Discord server has been experiencing an increase in spam and scam messages targeting community members. These often come from automated bot accounts that join the server and immediately start posting malicious links or sending unsolicited DMs.

What We’ve Done

We’ve implemented a verification system using Pandez Guard, a trusted verification bot also used by other major DeFi communities, such as Sky. New users will now need to complete a quick CAPTCHA verification before they can post messages or interact with the community.

Existing members are unaffected and have already been granted the Compound Verified role.

What Changes for New Users

When they join the server, they will:

  1. Have full read-only access (can view all channels, but cannot post, write, or react)
  2. Complete a simple CAPTCHA in the #verification channel
  3. Receive the Compound Verified role and gain full access to post and interact

This process takes less than a minute and helps ensure that new members are real people, not bots.

Future Work

We will closely monitor the effects of our changes and take appropriate action.

Feedback

We want this server to remain welcoming while staying safe. If you run into any issues with the new verification process or have suggestions for improvement, please let us know.