Ratty Bot 2021: The Rise, Reign, and Aftermath of a Discord Security Nightmare

Published: March 15, 2025

If you were active on Discord in 2021, you likely heard a whispered warning: "Don’t click that link. It’s Ratty." To many, Ratty Bot was the boogeyman of the platform—a malicious application that promised game stats or server utilities but instead stole tokens, compromised accounts, and ripped apart communities. For security researchers, however, Ratty Bot 2021 represented a watershed moment in the evolution of platform-specific malware.

This article explores what Ratty Bot was, how it operated at its peak in 2021, the damage it caused, and the lessons the Discord community learned.


2. ORIGINS AND DEVELOPMENT

2.1 Authorship

Analysis of the compiled code suggests the bot was not the product of a major financial institution but likely the work of a sophisticated independent developer or a "gray hat" collective. The code structure utilizes a modified version of the Krypton open-source framework, heavily altered to bypass standard API rate limits.

2.2 Deployment

The bot was deployed on January 14, 2021. Early traces show it operating on mid-tier exchanges (e.g., Exmo, HitBTC) before expanding to decentralized exchanges (DEXs) on the Binance Smart Chain and Ethereum networks.


1. Lack of User Awareness

In 2021, most Discord users still believed that “bots cannot steal accounts.” Unlike email phishing, OAuth2 attacks were poorly understood.

1. EXECUTIVE SUMMARY

Subject Identifier: Ratty Bot 2021
Classification: High-Volatility Trading Algorithm / Market Manipulation Vector
Status: Decommissioned (Active Jan 2021 – Dec 2021)

"Ratty Bot 2021" refers to a rogue algorithmic trading entity that operated primarily within the cryptocurrency and low-liquidity forex markets during the fiscal year 2021. Unlike standard High-Frequency Trading (HFT) bots designed for arbitrage or market making, Ratty Bot was characterized by its erratic execution strategy—designed to mimic "churning" while skimming marginal profits through imperceptible latency arbitrage. The bot gained notoriety within niche trading circles for its "scurrying" behavior on order books, leading to its moniker.


2. Discord’s Permissions Model

At the time, Discord allowed any bot to request guilds.join and messages.read without manual review. Attackers simply created a new bot application, set the avatar to something trustworthy (e.g., a green checkmark), and started phishing.