One of the most damaging scams on Discord doesn’t exploit code but human trust. Known as the “Try My Game” scam, it lures users into downloading what looks like a harmless beta test but is actually malware designed to steal wallets, accounts, and personal data.

Victims have lost thousands of dollars. In one case, an NFT artist lost $170,000 in crypto and NFTs within hours. For communities built on trust, this scam has become a major threat. A crypto certification can help you understand both the technology and the risks.

How the Scam Works

A scammer enters a Discord community, builds rapport, and then directly messages a target. The pitch is simple: “Try my new indie game” or “Please beta test this project.”

The link leads to a download hosted on Dropbox, Google Drive, or even Discord’s own CDN. Once installed, the file delivers a stealer or remote access Trojan that silently harvests information. This includes browser cookies, wallet data, and Discord login tokens.

The attacker then hijacks the victim’s account to spread the scam further, contacting friends and other community members with the same invitation.

Malware Variants Behind the Scam

Researchers have linked the scam to several malware families, including Electron-based stealers like Nova, Ageo, and Hexon, and RAT variants such as Bby Stealer. These tools are designed to:

Extract saved credentials and cookies
Capture Discord tokens to hijack accounts
Access locally stored crypto wallets and browser extensions
Collect payment information and personal details

The stolen data allows attackers to bypass passwords, drain wallets, and impersonate victims across platforms.

Case Study: A $170,000 Loss

NFT artist Princess Hypio reported losing $170,000 after clicking one of these malicious links. A scammer who had infiltrated her server posed as a trusted friend, convincing her to try a fake game. Within hours, her crypto and NFTs were gone.

This case underscores the danger: the scam works because it feels personal. Victims don’t think they’re trusting a stranger—they think they’re supporting a friend.

Expert Views

Security experts stress that the success of the scam is rooted in psychology, not advanced coding.

Nick Percoco, CSO at Kraken: “It’s not about code exploits—it’s about exploiting people’s trust.”
Gabi Urrutia, CISO at Halborn: “The attack is not technically sophisticated. It’s effective because people want to help others in their community.”

The “Try My Game” Scam Playbook

Step 1 – Infiltration
Scammer joins a Discord server and poses as a friendly member.

Step 2 – Direct Message
Target receives a personal invite to test a new game.

Step 3 – Download Link
File is hosted on Dropbox, Google Drive, or Discord’s CDN.

Step 4 – Malware Execution
Victim installs the fake game; malware activates in the background.

Step 5 – Data Theft
Credentials, cookies, wallets, and tokens are stolen.

Step 6 – Scam Expansion
Hijacked Discord accounts spread the scam to new victims.

Platform and Community Warnings

Warnings about this scam date back to 2021, when Itch.io forums flagged suspicious “try my game” invites. Discord’s own support pages explain how malware from these scams can harvest browser data, payment details, and IP addresses simply by clicking a link.

Despite the alerts, the scam persists because it manipulates trust in tight-knit communities.

How to Protect Yourself

Avoid downloading files from unsolicited DMs, even if they appear to come from a friend.
Confirm with contacts through another channel before clicking links.
Use separate devices for testing unknown software and storing wallets.
Enable multi-factor authentication to reduce account compromise risk.
Keep antivirus software active to catch known stealer variants.

Why It Hits Crypto Hardest

For crypto users, the risk is severe. Once a wallet is compromised, funds can be transferred instantly and irreversibly. Browser-based wallets like MetaMask or Phantom are especially vulnerable.

That’s why crypto literacy is more than just learning about markets. A Data Science Certification helps you analyse attack patterns and wallet movements, while a Marketing and Business Certification can help you design awareness campaigns to protect entire communities.

Outlook

The “Try My Game” scam will remain a threat as long as people can be persuaded by social engineering. Its simplicity makes it easy to replicate, and its reliance on trust makes it highly effective. Stronger link detection from platforms could help, but until then, the best defence is awareness and caution.

Conclusion

The infamous “Try My Game” scam shows that the weakest link in security is often human trust. By preying on friendships and community ties, scammers have stolen millions in crypto and NFTs. Staying safe requires vigilance: never download unsolicited files, verify requests, and keep wallets protected.