I wanted to test how fast the discord bot token detection is. I did it by creating a useless bot, and then just intentially leaked the token on gist of github on this account.
The token detection is too fast. It basically instantly found it, before I could even link my email with thunderbird.
I went on the developers site again, to see that the token hasn't changed. They claim that it has been reset (or invalidated), but no difference even after reloading.
The test has concluded. The bot has been deleted.
Keep your tokens secret, and out of your code AT ALL TIMES. Use .gitignore (or hide the token out of source control) to hide the token, and check before you post anything.
If your token gets leaked, renegerate ASAP.
If you find any Discord bot tokens, probably want to put it on gist.github.com for it to be invalidated. Discord will sent an email to the owner (and an important message prompt on the discord client), letting them know about the leak.