Social Engineering ยท Discord ยท Phishing

Discord Crypto Scams: The Playbook Attackers Use

A server you trust posts an exclusive mint. Time-limited. You click the link. The site looks exactly right โ€” and your wallet gets drained. This scenario plays out dozens of times a day.

Discord has become the primary social attack surface for crypto theft because it combines everything that makes phishing work: urgency, community trust, pseudonymity, and easy link sharing. Most crypto projects run their communities there, which means attackers have a large, crypto-active audience pre-assembled for them.

The compromised server attack

The most damaging Discord attack isn't a DM from a random account โ€” it's a post from the official server of a project you follow, announcing an exclusive mint or airdrop claim. The link goes to a near-perfect clone of the project's site. You connect your wallet. You sign what looks like a mint transaction. It's a drainer.

This works because the attackers first compromised a server admin's account โ€” usually through a phishing link sent as a "partnership opportunity" or "security notice." With admin access, they can post announcements that look completely official.

The tell: check the URL very carefully before connecting your wallet. Even if the announcement came from a server you trust, a phishing site's domain will be slightly different from the real one โ€” one letter off, a different TLD, a hyphen added. If you're not sure, find the URL in the project's Linktree, Twitter bio, or website โ€” not the Discord announcement.

The DM phishing playbook

If you post in a crypto server, you'll often get DMs within minutes. The most common scripts:

  • โ€ข"I noticed your question about X โ€” I'm a mod and can help you directly." No mod will DM you first. If you need help, ask in public channels.
  • โ€ข"You've been selected for an early mint whitelist." Projects don't distribute whitelist spots through DMs from strangers.
  • โ€ข"Your wallet is at risk, click here to verify." There is no verification process for wallets. Any link claiming this is a phishing site.
  • โ€ข"I'm having trouble with this contract, can you test a transaction for me? I'll pay you 0.5 ETH." Classic setup to get you to interact with a malicious contract.

Bot-driven fake support

Some attackers deploy bots that monitor Discord servers for keywords like "help", "error", or "MetaMask" and auto-DM anyone who uses them. The bot impersonates official support, often with a username very similar to a real moderator. They'll walk you through "fixing" your issue โ€” which always involves clicking a link and connecting your wallet.

Real support happens in public channels. Real mods have roles displayed next to their names. If you're not sure whether someone is a real mod, check the server member list.

Settings that reduce your attack surface

  • โœ“Disable DMs from server members: User Settings โ†’ Privacy & Safety โ†’ uncheck "Allow direct messages from server members"
  • โœ“Enable 2FA on your Discord account โ€” if your account is compromised, attackers can use it to spread scams to your contacts
  • โœ“Never click links in DMs to connect your wallet โ€” navigate to sites directly
  • โœ“When a server posts a mint or claim link, verify it against the project's official website URL before connecting
  • โœ“If you're in a project Discord, check their pinned messages or official website for the real contract address before interacting

Frequently asked questions

Why is Discord such a common vector for crypto scams?

It combines urgency, community trust, and easy link sharing in one place. Attackers target crypto project servers because the audience is self-selected to be crypto-active.

How do attackers get access to official servers?

Usually by phishing a server admin's Discord credentials through a fake partnership or security alert. With admin access they can post announcements that look fully official.

Should I disable Discord DMs?

For crypto servers, yes. Go to User Settings โ†’ Privacy & Safety and disable DMs from server members. Legitimate teams never DM first about mints, airdrops, or support.

Know what you're signing when you get there

GuardianAI explains every MetaMask transaction in plain English before you confirm it โ€” including the approval requests that Discord phishing sites use to drain wallets. Free Chrome extension.

Get GuardianAI โ€” It's Free