Wallet Drainer Scams on Discord
Attackers distribute malicious links through Discord DMs and compromised servers that, when clicked and connected to a crypto wallet, instantly drain all assets. These attacks take seconds and are irreversible.
Part of: Wallet Drainer Scams
Last reviewed: 1 June 2026
Wallet drainer attacks are a serious threat in Discord-connected NFT and DeFi communities. Scammers compromise Discord accounts belonging to project moderators or influencers, then post links that appear to be legitimate minting events, airdrops, or exclusive access portals.
When a user connects their wallet to the malicious site, a pre-signed transaction request drains the entire wallet contents — often within a single confirmation click. Because blockchain transactions are irreversible, recovery is rarely possible.
How this scam works on Discord
A compromised Discord account — often a project moderator or well-known community figure — posts a message in a trusted server announcing an exclusive mint, airdrop, or whitelist event with a limited-time link. The link leads to a site that mimics a legitimate Web3 project page and prompts wallet connection.
Once the user approves the connection, the site requests a transaction signature. The approval may be disguised as a 'gas fee', 'whitelist confirmation', or 'claim transaction'. In reality, it grants the drainer contract permission to transfer all tokens or NFTs from the wallet.
Some variants use Discord bots to DM thousands of server members simultaneously with personalised messages referencing the user's username to seem more legitimate.
Common red flags
- Sudden announcement from a moderator or bot for a minting event with a sense of urgency
- Link posted in Discord but not mirrored on the official project website or verified social channels
- Transaction approval request that includes broad token permissions ('approve all' or 'set approval for all')
- Minting site URL that differs slightly from the known official domain
- Moderator account recently hacked or showing unusual activity
- DM from a server bot with a time-limited mint link
How to protect yourself
- Always verify new mint links on the official project website before connecting your wallet
- Use a hardware wallet for high-value assets — drainer attacks depend on hot wallet approvals
- Review transaction details carefully before signing: any request for unlimited token approvals is a red flag
- Revoke unnecessary token approvals regularly using a trusted allowance checker
- Never click minting links arriving via Discord DM, even from apparent friends or moderators
- Keep most assets in a cold wallet and use a separate wallet with minimal funds for Discord-connected activities
How to report it
- Report the compromised Discord account and offending post via Discord's in-app report feature
- Alert the legitimate project team through verified external channels so they can warn the community
- Report the malicious domain to your browser's phishing-protection provider and to Google Safe Browsing
Frequently asked questions
Can I recover assets drained from my wallet?
Blockchain transactions are irreversible, so recovery directly from the blockchain is not possible. Contact your exchange immediately if any stolen assets land on a centralised platform — they may be able to freeze them.