FA+
Shop
Discord hack conclusion & explanation
2 months ago
Ok, it seems like I can finally type on Discord, which means I'm back in control again.
For starters, massive apologies to everyone who got spammed by my account trying to lure you into clicking their link for a supposed game that's actually malware.
An explanation;
In short, this was completely avoidable.
The long story;
My fiancee was messaged by a friend of hers asking for help to beta test a game. She trusted said friend and assumed it was a potential thing for a future Youtube recording session or something. She didn't think much of it as she tried to download it, but her laptop was a bit on the older side and it wasn't booting up properly.
She then offered I talk to him in a group chat and I was a bit starstruck with said friend as I semi-hesitantly offered to use my PC since it was a bit more modern, so we went into a group chat. Said friend then updated us with a newer file link which came off as an updated version.
So basically, due to our combined lapse of judgement, we both fell for it. I am not going to 100% throw her under the bus, we were both dumbasses at the time.
I foolishly ignored the antivirus warnings as I figured a lot of files can often be mistaken for viruses due to past experiences... As soon as I ran the program, for a SPLIT-SECOND I saw pop-ups of what clearly was MS-DOS' iconic black screens showing me a bunch of familiar-looking passwords and at that moment I realized what had happened. I was removed from the group chat as my fiancee was given a ransom of our account info and passwords, likely wanting Crypto or NFTs (which we don't have) as they threatened to sell our info on the dark web.
I was not long after logged out of Discord as signing in was fruitless since the hacker changed the email address and password. I also got suggestions for help from a friend via Twitter DMs and I tried to warn my followers on Twitter, which were scrubbed as my email and password were also changed on there... However, I did have 2FA on Twitter so I could take that back fairly easily. Discord as you know, took a bit longer as I had to patiently await help from their devs to get my account back via my original email address. I took the opportunity to make a brand-new email address to sign into and link to my discord, as well as updating my 2FA to prevent the hacker from getting in yet again. I'm hoping this'll be the end of it, but i'm keeping my guard up.
Needing to change my passwords for a shit-ton of sites I was forced to make accounts for is a pain in the ass, but it'll be a harsh reminder of what to avoid in the future, or at the very least be much more cautious on messages from friends sending suspicious links.
Those morbidly curious on what it looks like being hacked, here's what to expect;
The hacker once they have access to your Discord account, they immediately make use of your friend list and potentially your groups to look for more suckers to trick into giving away their info like I did. The longer you haven't talked to someone, the more likely they'll contact them as they'll likely be none the wiser of your behavior and your intent. Those smart enough to be skeptical and call out the BS are promptly blocked from your friend list.
Any sucker they message in their attempt to scam will change their screen name as simply just the number "1", I presume as a reminder for themselves who they already messaged in the hopes they can lure them into the same trap I fell into. The messages left from these subhumans will attempt to sound as human as possible.
Below is an example of a conversation from one of my friends (with name and suspicious link redacted) who got lured by said scammer which I'm HOPING TO GOD they didn't get hacked.
SorcererLance — 9/10/2025 6:36 PM
hi
how are you?
1 — 9/10/2025 6:42 PM
Hey, I'm doing fine. How about you?
SorcererLance — 9/10/2025 6:42 PM
good ty
[6:42 PM]
may i ask something?
1 — 9/10/2025 6:42 PM
Sure.
SorcererLance — 9/10/2025 6:43 PM
We’re working on a 2D adventure game project and are currently looking for content creators to try it out and share their feedback. It only takes about 9–10 minutes to play through the current version.
If you're interested, you’re more than welcome to play it on stream as well — we'd love to see your live reactions and thoughts!
1 — 9/10/2025 6:43 PM
Sure! I would love to try it out!
SorcererLance — 9/10/2025 6:45 PM
yaay tysm ^^
[redacted] my game website
[redacted fake game name]
This isn’t just any mill—forget about the classic flour mill or the boring ...
[6:45 PM]
can you check it out right now ?
1 — 9/10/2025 6:45 PM
I can. I can download it from the link that you provided.
SorcererLance — 9/10/2025 6:46 PM
thanks
1 — 9/10/2025 6:46 PM
No problem.
[6:46 PM]
I'll let you know what I think of it afterwards.
SorcererLance — 9/10/2025 6:47 PM
kk thanks
1 — 9/10/2025 6:48 PM
Ran into a wall when downloading the demo.
SorcererLance — 9/10/2025 6:48 PM
download it on different browser
1 — 9/10/2025 6:48 PM
Let me try Chrome
SorcererLance — 9/10/2025 6:49 PM
k
1 — 9/10/2025 6:50 PM
There we go. Going to try it out now.
SorcererLance — 9/10/2025 6:50 PM
cool (edited)
1
1 — 9/10/2025 6:52 PM
My anti-virus analyzed the file. :/
SorcererLance — 9/10/2025 6:53 PM
Since it is quite expensive to get a license from antivirus programs, they can block our game.
[6:53 PM]
[6:53 PM]
disable the norton and try again pls
1 — 9/10/2025 6:53 PM
I'm so sorry. I thought I was in the clear.
SorcererLance — 9/10/2025 6:53 PM
sorry
1 — 9/10/2025 6:53 PM
It's okay.
SorcererLance — 9/10/2025 6:55 PM
disable it and try pls
1 — 9/10/2025 6:55 PM
Let me try.
SorcererLance — 9/10/2025 6:55 PM
ty
1 — 9/10/2025 6:55 PM
yw
SorcererLance — 9/10/2025 7:29 PM
so?
1 — 9/10/2025 7:44 PM
Still no luck...
TL:DR;
Don't be a dumbass like I was. It pays to be skeptical and call things out when things look and sound too suspicious.
For starters, massive apologies to everyone who got spammed by my account trying to lure you into clicking their link for a supposed game that's actually malware.
An explanation;
In short, this was completely avoidable.
The long story;
My fiancee was messaged by a friend of hers asking for help to beta test a game. She trusted said friend and assumed it was a potential thing for a future Youtube recording session or something. She didn't think much of it as she tried to download it, but her laptop was a bit on the older side and it wasn't booting up properly.
She then offered I talk to him in a group chat and I was a bit starstruck with said friend as I semi-hesitantly offered to use my PC since it was a bit more modern, so we went into a group chat. Said friend then updated us with a newer file link which came off as an updated version.
So basically, due to our combined lapse of judgement, we both fell for it. I am not going to 100% throw her under the bus, we were both dumbasses at the time.
I foolishly ignored the antivirus warnings as I figured a lot of files can often be mistaken for viruses due to past experiences... As soon as I ran the program, for a SPLIT-SECOND I saw pop-ups of what clearly was MS-DOS' iconic black screens showing me a bunch of familiar-looking passwords and at that moment I realized what had happened. I was removed from the group chat as my fiancee was given a ransom of our account info and passwords, likely wanting Crypto or NFTs (which we don't have) as they threatened to sell our info on the dark web.
I was not long after logged out of Discord as signing in was fruitless since the hacker changed the email address and password. I also got suggestions for help from a friend via Twitter DMs and I tried to warn my followers on Twitter, which were scrubbed as my email and password were also changed on there... However, I did have 2FA on Twitter so I could take that back fairly easily. Discord as you know, took a bit longer as I had to patiently await help from their devs to get my account back via my original email address. I took the opportunity to make a brand-new email address to sign into and link to my discord, as well as updating my 2FA to prevent the hacker from getting in yet again. I'm hoping this'll be the end of it, but i'm keeping my guard up.
Needing to change my passwords for a shit-ton of sites I was forced to make accounts for is a pain in the ass, but it'll be a harsh reminder of what to avoid in the future, or at the very least be much more cautious on messages from friends sending suspicious links.
Those morbidly curious on what it looks like being hacked, here's what to expect;
The hacker once they have access to your Discord account, they immediately make use of your friend list and potentially your groups to look for more suckers to trick into giving away their info like I did. The longer you haven't talked to someone, the more likely they'll contact them as they'll likely be none the wiser of your behavior and your intent. Those smart enough to be skeptical and call out the BS are promptly blocked from your friend list.
Any sucker they message in their attempt to scam will change their screen name as simply just the number "1", I presume as a reminder for themselves who they already messaged in the hopes they can lure them into the same trap I fell into. The messages left from these subhumans will attempt to sound as human as possible.
Below is an example of a conversation from one of my friends (with name and suspicious link redacted) who got lured by said scammer which I'm HOPING TO GOD they didn't get hacked.
SorcererLance — 9/10/2025 6:36 PM
hi
how are you?
1 — 9/10/2025 6:42 PM
Hey, I'm doing fine. How about you?
SorcererLance — 9/10/2025 6:42 PM
good ty
[6:42 PM]
may i ask something?
1 — 9/10/2025 6:42 PM
Sure.
SorcererLance — 9/10/2025 6:43 PM
We’re working on a 2D adventure game project and are currently looking for content creators to try it out and share their feedback. It only takes about 9–10 minutes to play through the current version.
If you're interested, you’re more than welcome to play it on stream as well — we'd love to see your live reactions and thoughts!
1 — 9/10/2025 6:43 PM
Sure! I would love to try it out!
SorcererLance — 9/10/2025 6:45 PM
yaay tysm ^^
[redacted] my game website
[redacted fake game name]
This isn’t just any mill—forget about the classic flour mill or the boring ...
[6:45 PM]
can you check it out right now ?
1 — 9/10/2025 6:45 PM
I can. I can download it from the link that you provided.
SorcererLance — 9/10/2025 6:46 PM
thanks
1 — 9/10/2025 6:46 PM
No problem.
[6:46 PM]
I'll let you know what I think of it afterwards.
SorcererLance — 9/10/2025 6:47 PM
kk thanks
1 — 9/10/2025 6:48 PM
Ran into a wall when downloading the demo.
SorcererLance — 9/10/2025 6:48 PM
download it on different browser
1 — 9/10/2025 6:48 PM
Let me try Chrome
SorcererLance — 9/10/2025 6:49 PM
k
1 — 9/10/2025 6:50 PM
There we go. Going to try it out now.
SorcererLance — 9/10/2025 6:50 PM
cool (edited)
1
1 — 9/10/2025 6:52 PM
My anti-virus analyzed the file. :/
SorcererLance — 9/10/2025 6:53 PM
Since it is quite expensive to get a license from antivirus programs, they can block our game.
[6:53 PM]
[6:53 PM]
disable the norton and try again pls
1 — 9/10/2025 6:53 PM
I'm so sorry. I thought I was in the clear.
SorcererLance — 9/10/2025 6:53 PM
sorry
1 — 9/10/2025 6:53 PM
It's okay.
SorcererLance — 9/10/2025 6:55 PM
disable it and try pls
1 — 9/10/2025 6:55 PM
Let me try.
SorcererLance — 9/10/2025 6:55 PM
ty
1 — 9/10/2025 6:55 PM
yw
SorcererLance — 9/10/2025 7:29 PM
so?
1 — 9/10/2025 7:44 PM
Still no luck...
TL:DR;
Don't be a dumbass like I was. It pays to be skeptical and call things out when things look and sound too suspicious.
The fact the president of valve typing to me in bizarre text was also way too odd and bizarre, yet for some reason my primitive lizard brain pushed what was obvious bullshit and red flags to the back of my mind and lost my initial discord, and had to make a new steam account.
I say I was tired that night and focused on my studies when I was in university at the time, yet I keep thinking that threat of "24 hours until your steam account is locked" set off something and it took over. I should have spoke with steam moderators before not after. I didn't even see a steam warning on my account, the one the scammer used to try and trick me so I knew something was wrong, yet I went along anyway, knowing in the back of my head it was bullshit.
If it's not to test a game, it'll be because "they accidentally reported you" or they want you to vote into some bogus Counter Strike/DOTA tournament
Always ask questions and ALWAYS pay attention to the way they type.
w00t!
Good job on that one! :)
And yeah, Discord is notorious for being very insecure. X.x
Sounds like you have your account back. Huge grats for that, Fox. *snugs you tightly*
I managed to regain control, though, and I'm glad you were able to, as well.
they wont see it coming, and thats how you know xP