Hide your crypto: ‘Try my game’ Discord scam on the rise

Cointelegraph reports that a growing social-engineering scam on Discord — often called the “try my game” scam — has led to large crypto and NFT thefts after attackers infiltrate communities and pose as trusted friends. One high-profile victim, an NFT artist known as Princess Hypio, said she lost roughly $170,000 in crypto and NFTs after a scammer convinced her to join and play a game hosted on a malicious server.

The scam typically works like this: an attacker quietly joins a server, studies how members interact, and builds rapport by mimicking community language and claiming mutual connections. They then identify people who own crypto or NFTs and invite them to play a game, often sending a link to a server or file that contains Trojan-style malware. That malware can give the attacker remote access or harvest credentials and keys, enabling them to drain connected wallets.

Security professionals interviewed for the article say the attack relies less on technical sophistication and more on abusing trust. Because the impostor blends into the community and appears to be a friend, targets are more likely to download software or follow instructions they otherwise wouldn’t. Experts recommend always verifying identities through another channel, avoiding unknown software, and exercising “healthy skepticism” before taking actions that could expose wallet keys or private data.

Practical defenses include limiting direct messages from strangers, verifying new members, keeping gaming and wallet activity on separate devices, restricting permissions and privileges, and pausing to think before signing transactions or granting approvals. Security teams also stress that community culture and verification processes are as important as technical controls in preventing these social-engineering attacks.

The article also notes that while Discord-targeted scams have been prominent in crypto and Web3 circles, the same social-engineering techniques are spreading into gaming and other sectors. A related trend highlighted by security researchers is the rise of fake recruitment campaigns that lure job seekers with phishing links and malware — a tactic that has been linked to state-aligned threat actors in some cases. Additionally, defenders are seeing evolutions such as blind-signing and approval-phishing, which trick users into willingly authorizing malicious transactions.

In short, the “try my game” scam is a reminder that many attacks target human trust rather than exploiting code flaws. Users should verify identities, avoid running unknown software, separate high-value activities from casual devices, and treat unexpected generosity or urgency as a red flag.