Hide your crypto: Infamous 'try my game' Discord scam on the rise

Hide your crypto: Infamous 'try my game' Discord scam on the rise

An X user known as Princess Hypio said they lost $170,000 in crypto and NFTs to a scammer who infiltrated a Discord server and pretended to have mutual friends. Update Sept.1, 11:30 pm UTC: This article has been updated to include information from Halborn’s chief information security officer.

Last month, crypto user and NFT artist Princess Hypio told her followers she lost $170,000 in crypto and non-fungible tokens after a scammer convinced her to play a game with them on Steam. While she was “mindlessly” playing with the scammer, they were secretly stealing her funds and hacking her Discord.

The same tactic was used on three of her other friends, she wrote in a post on Aug. 21 on X. It turns out, the tactic has been around for a while and is known by some as the “try my game” scam, which users have been reporting about for years in different forms.

Speaking to Cointelegraph, Kraken’s chief security officer, Nick Percoco, said these methods have become an increasingly popular attack method

The "Try My Game" Hack: How it Works

The crypto version of the scam involves a hacker joining a Discord server or group, lying in wait, learning about how users interact with each other and later using that information to gain trust.

The hacker then asks users if they own crypto or NFTs, often feigning interest to ask questions and gauge what digital assets they might own. In Princess Hypio’s case, they had a Milady NFT, which resulted in her being targeted.

After identifying a target with crypto, the hacker invites victims to play a game, sending a link to a server with Trojan malware that provides access to user devices, which allows them to steal personal information and drain any connected wallets. In Princess Hypio’s case, the ploy involved convincing her to download a game on Steam by offering to buy it for her.

The game itself was safe, but the server on which the game was being hosted was malicious. She lost $170,000 in crypto and NFTs from the attack, she said.

Attackers Exploit Trust

"These scams do not exploit code; they exploit trust. Attackers impersonate friends and pressure people into taking actions they normally would not take," said Percoco.

Attackers embed themselves in communities, learn the culture, mimic trusted friends, and then strike, he said. Gabi Urrutia, chief information security officer at cybersecurity firm Halborn, told Cointelegraph the scam combines social engineering with malware, and while not “very sophisticated,” it’s insidious because of its “abuse of trust among members of a community.”

"It's not as important as traditional phishing in volume, but it's more and more frequent in Web3 and gaming communities, where there is a mix between pair-to-pair trust and high-value assets," he said.

Preventing the Scam: Habits to Develop

In February, a user under the handle RaeTheRaven posted to the Malwarebytes forum that they had fallen prey to the “infamous scam” after someone they thought was a friend sent a link. A Reddit forum that started in July also warned of scams targeting gamers.

Percoco told Cointelegraph that while the crypto industry tends to see these scams first, the tactic spreads across sectors. He said the best way to avoid being snared is to have a “healthy skepticism,” confirm identities through another channel, avoid running unknown software, and remember that “doing nothing is safer than taking a risky step.”

Urrutia said defense against this scam involves very specific habits, such as stopping to think before signing anything, keeping privileges to a minimum, and avoiding using the same device for gaming and managing wallets.

Cultural Shift Needed

"And from the community side, there's also much to be done: limiting direct messages from strangers, verifying new members, and strengthening the security culture. Ultimately, the big challenge isn't technological, but cultural," he added.

More Widespread Scams on the Rise

Percoco also said that while the Discord scams are on the rise, a more widespread trend in crypto currently involves fake recruiters. A recent June case, a North Korea-aligned threat actor targeted job seekers in the crypto industry with malware designed to steal passwords for crypto wallets and password managers.

Blind Signing, Approval Phishing: Evolutions of the Same Idea

"Discord impersonation is rising quickly, but the most widespread trend we are tracking today is fake recruitment campaigns where victims are lured with job offers and tricked into clicking phishing links," Percoco said.

Halborn's Take on Scams

Urrutia said the largest volume of scams Halborn is seeing involves blind signing, approval phishing, and similar, but they are all “evolutions of the same idea: not to steal the key by force, but to get the user to hand it over voluntarily.”