Seed Phrase Phishing on Discord
How crypto scammers use Discord support impersonation, fake bot prompts, and compromised server announcements to steal wallet seed phrases.
Part of: Seed Phrase Phishing
Last reviewed: 1 June 2026
Discord is the primary community hub for NFT projects, DeFi protocols, and crypto communities, making it the most targeted platform for seed phrase phishing. Scammers infiltrate legitimate servers as members, impersonate moderators and support staff, and send fake wallet verification prompts that harvest 12- or 24-word recovery phrases.
Because Discord users are accustomed to bots requesting wallet connections for token gating and community verification, the threshold for interacting with a credential-harvesting prompt is lower than on other platforms.
How this scam works on Discord
The most common attack involves a compromised or cloned 'official' server announcement — often after a real project server is raided or a clone server is promoted — directing all members to verify their wallet due to a migration, mint, or security upgrade. The verification link leads to a fake site requesting seed phrase entry.
Direct message phishing follows a support impersonation pattern: after a user asks a question in a project channel, a fake moderator DMs them offering help, then walks them through a 'wallet sync' process that terminates in a seed phrase entry field.
Malicious bots are invited to servers by compromised admin accounts and auto-DM all members with wallet verification prompts. A timed sense of urgency — 'verify within 24 hours or lose your role' — drives fast action before the victim reflects.
Common red flags
- DM from a 'moderator' offering to help with a wallet issue you posted about publicly
- Announcement directing all members to verify a wallet on an external site
- Any website or bot that asks for your 12 or 24-word seed phrase in any context
- Wallet verification urgency tied to a deadline, NFT mint, or airdrop
- Server with a name and logo nearly identical to a project you are a member of
How to protect yourself
- Never enter your seed phrase anywhere online — no legitimate service ever asks for it
- Turn off direct messages from server members in Discord privacy settings
- Verify all announcements directly with project social media before acting
- Use a hardware wallet for significant crypto holdings
- Check that support contacts are verified by the server's official admin team
How to report it
- Report the user or server to Discord via the in-app report function
- Report the phishing domain to your national cybercrime authority
- Report the scam to the official project team so they can warn other members
Frequently asked questions
Can Discord ever require me to enter my seed phrase?
No. Discord has no wallet integration and no legitimate reason to ask for a seed phrase. Any prompt — from a bot, DM, or website linked from Discord — that requests your seed phrase is a phishing attack. Your seed phrase should never be entered anywhere other than into your hardware wallet device itself during initial setup.