
Discord Scam Turns Expired Invites Into Dangerous Malware Links

A newly discovered scam on Discord is turning once-legitimate server invites into tools for spreading malware, posing significant risks to user data, devices, and even cryptocurrency wallets. The exploit targets a core part of Discord’s functionality—its invite system—and takes advantage of expired links in a way that may catch even experienced users off guard.

From Legitimate to Malicious: How the Exploit Works

According to cybersecurity researchers from Check Point Research, the scam leverages expired Discord invites—including temporary and custom vanity links—to trick users into joining malicious servers. Once a legitimate link expires or a server loses access to its custom vanity URL, that exact URL can be reclaimed by another user who owns a boosted server. The scammer then assigns the expired URL to a fake server, so any previously trusted link posted online now leads to the scam server.

This method is particularly dangerous because users may not suspect anything is wrong when clicking an old link shared by a friend, community, or website. Upon joining the malicious server, users are prompted to “verify” their account, which involves clicking another link and running a PowerShell script. This script initiates the download of additional malware capable of:

  • Keylogging everything typed
  • Capturing screen activity
  • Activating connected webcams
  • Stealing saved data and crypto wallet information

Discord Has Responded, But the Risk Remains

Since the report surfaced, Discord has acted by disabling the bot that was used to automate this scam. However, the underlying vulnerability—how expired invite links can be reassigned and abused—remains unresolved. It’s possible for similar bots or manual tactics to emerge and continue the scam using the same strategy.

Discord’s invite system, especially custom vanity URLs, is widely used across gaming communities, social hubs, and professional networks. That widespread use, combined with the silent nature of this attack, makes the exploit especially concerning.

What Users Can Do to Stay Safe

Until Discord implements a more permanent solution to prevent expired links from being reused in this manner, users are strongly advised to:

  • Avoid clicking on old Discord invite links unless they’re from a trusted and recent source
  • Manually inspect invite URLs before clicking
  • Only join servers through official websites or verified Discord sources
  • Never download or run scripts as part of a “verification” process on a server
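
For site and community owners, the "inspect invite URLs" advice can be automated. The following is an added example, not code from the article or from Check Point Research: it extracts invite codes from published text and compares the server each code resolves to now against the server ID recorded when the link was posted. The `resolve` callable, the pinned IDs and all sample data are assumptions; in practice `resolve` would wrap Discord's invite lookup (`GET /invites/{code}`) and return the invite object, or `None` when the code no longer exists.

```python
import re

# Matches discord.gg/<code> and discord.com/invite/<code> (plus legacy discordapp.com).
INVITE_RE = re.compile(
    r"(?:https?://)?(?:www\.)?(?:discord\.gg|discord(?:app)?\.com/invite)/([A-Za-z0-9-]+)",
    re.IGNORECASE,
)

def extract_codes(text):
    """Return unique invite codes in order of first appearance."""
    return list(dict.fromkeys(INVITE_RE.findall(text)))

def audit(text, pinned, resolve):
    """Classify every invite link found in `text`.

    pinned:  code -> guild ID the link pointed to when it was published
    resolve: code -> current invite object (dict), or None if the code is gone
    """
    report = {}
    for code in extract_codes(text):
        invite = resolve(code)
        if invite is None:
            report[code] = "dead"      # expired and unclaimed: remove it before someone reclaims it
        elif code not in pinned:
            report[code] = "unpinned"  # no recorded owner to compare against
        elif (invite.get("guild") or {}).get("id") != pinned[code]:
            report[code] = "hijacked"  # same URL, different server
        else:
            report[code] = "ok"
    return report

# Constructed sample data: the page text, guild IDs and lookup responses are invented.
SAMPLE_PAGE = """Join us: https://discord.gg/example-guild
Old event chat: discord.com/invite/Ab12Cd34
Support: https://discord.gg/helpdesk"""
PINNED = {
    "example-guild": "111111111111111111",
    "Ab12Cd34": "111111111111111111",
    "helpdesk": "222222222222222222",
}
FAKE_LOOKUP = {
    "example-guild": {"guild": {"id": "999999999999999999"}},  # now points elsewhere
    "helpdesk": {"guild": {"id": "222222222222222222"}},
}

if __name__ == "__main__":
    for code, status in audit(SAMPLE_PAGE, PINNED, FAKE_LOOKUP.get).items():
        print(f"{code}: {status}")
```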

Cybercriminals are increasingly using social engineering to exploit trusted platforms. As Discord continues to grow beyond its gaming roots, its user base must remain vigilant and informed to avoid falling victim to evolving scams like these.