New Account Takeover on Discord
Discord accounts are taken over through phishing links, malicious bots, and token-stealing malware, then used to spread further phishing or to defraud the victim's server communities.
Part of: New Account Takeover
Last reviewed: 1 June 2026
Discord account takeover is a persistent threat because the platform is used heavily by gaming, crypto, and creator communities where trust between members runs high. A hijacked account from a well-established member can instantly reach thousands of people in shared servers with a credible-looking scam message.
Unlike many platforms, Discord uses session tokens that can be extracted by malware without requiring the account password, meaning that even accounts protected by two-factor authentication can be compromised if the underlying device is infected.
How this scam works on Discord
Phishing links arrive via DM, often appearing to come from a friend whose account was previously compromised. The link leads to a fake Discord login page or to a site that requests account authorisation. Entering credentials or authorising the OAuth request hands the attacker full account access.
Token-stealing malware — frequently disguised as game cheats, mod installers, or productivity tools shared in Discord channels — extracts the authentication token stored by the Discord desktop app. With this token the attacker can access the account from any device without needing the password or two-factor code.
Once inside, attackers message every shared server contact with a new phishing link, use the account to promote scam projects in server channels, or pose as the legitimate owner to server admins in an attempt to reach linked cryptocurrency wallets.
Common red flags
- DM from a Discord friend containing an unsolicited link with minimal context
- Site asking you to 'log in with Discord' on a domain unrelated to any service you are using
- Notification that your account was used to log in from an unrecognised location
- Friends reporting unusual DMs sent from your account
- Account boosting a server or posting in channels without your action
- Inability to log in after recently installing a new application shared in a Discord channel
How to protect yourself
- Enable two-factor authentication on your Discord account, though be aware it does not protect against token theft
- Never install software shared by other Discord users unless you can independently verify its source
- Log out of all devices in Discord's authorised device list if you suspect compromise
- Revoke all active sessions via Discord's Settings > Privacy & Safety if your account behaves unusually
- Use reputable security software to scan for token-stealing malware if you have recently run unfamiliar programs
- Be suspicious of any DM containing a link, even from known contacts — verify via an alternative channel first
How to report it
- Submit a report to Discord's trust and safety team at dis.gd/report describing the takeover
- Warn shared server communities about the compromise so members can ignore recent messages from the hijacked account
- Report to your national cybercrime unit if financial loss resulted from the takeover
Frequently asked questions
Why does two-factor authentication not fully protect a Discord account?
Discord's desktop app stores a session token on the device. Malware can extract this token and use it to access the account without needing the password or two-factor code. To protect against this vector, keep your device malware-free and periodically log out all sessions in Discord's settings.