Discord is crawling with people and bots looking to gain control of your account or send you to deceptive websites. Familiarize yourself with these patterns for safe use of the platform.
This invalidates your existing session token and signs you out everywhere.
Links might not go where you think they go. Markdown allows the text representation of a link to be different than its actual target - so check before you click.
Even URLs with trusted domains can include bookmarklet-style Javascript that permits injection, so a site you think you trust might ask for your credentials or ask you to enter a token from the browser dev console.
Be especially wary of executables, scripts, and vulnerable file types like PDFs, and remember that you don't know who's at the other end of an account. If in doubt, don't download it.
If an attacker executes code on your machine to steal your token, they can change your password, turn off 2FA, and re-enable it, locking you out entirely. (Nonetheless, you should have 2FA enabled to protect yourself from phishing and leaked credentials.)
Specifically, never scan a QR code with the app when asked by someone else, never give out your password, and never copy anything from the browser developer console to send to someone who's asking.
Don't run any commands in your browser dev console or add browser bookmarks when prompted by a contact or a website. Only bad actors will ever ask you to do so.