A new wave of crypto-stealing scams is targeting Discord users through a deceptively simple social engineering technique. Attackers approach targets — typically people who are active in crypto communities — with a friendly message asking them to "try my game" or provide feedback on a new gaming project. The attached files, presented as game executables, contain sophisticated malware designed to steal cryptocurrency wallet credentials and drain funds.
How the Scam Works
The attacker typically poses as a fellow community member or indie game developer, building rapport over several conversations before introducing the malware payload. The fake game files are often signed with legitimate-looking certificates and may even run a basic game loop to avoid immediate suspicion. Meanwhile, in the background, the malware scans the victim's device for browser-stored wallet seeds, private key files, and authenticator app data.
How to Protect Yourself
- Never run executable files sent by strangers, regardless of how legitimate the sender appears.
- Use a dedicated device for crypto transactions that has no gaming software installed.
- Keep wallet seed phrases written on paper, never stored digitally on any device.
- Enable Discord's two-factor authentication and review app permissions regularly.
- If you have already run a suspicious file, immediately transfer all crypto to a freshly-created wallet on a clean device.
Have You Been Scammed?
Open a case today and let our experts begin the recovery process. A case-opening fee applies; full refund if unsuccessful.