The “try my game” scam is a Discord social-engineering attack where a fraudster gains trust, lures a user to join a malicious game server, and installs Trojan malware to steal crypto and NFTs. Victims report six-figure losses; verify identities, avoid unknown servers, and never run untrusted software.
-
Rapid trust-building: scammers impersonate friends to convince targets to join game servers.
-
Attackers deliver Trojan-infected servers or links that exfiltrate wallet keys and assets.
-
Reported losses include $170,000 in one incident; similar tactics have been flagged across gaming and cybersecurity forums.
Meta description: Try my game scam on Discord steals crypto and NFTs; learn how the attack works, steps to avoid it, and immediate protections. Read now.
What is the “try my game” Discord scam?
The “try my game” scam is a social-engineering attack where a scammer infiltrates Discord communities, builds trust by impersonating members, and persuades targets to join a game server that delivers malware which can drain connected crypto wallets and steal NFTs. The method targets community trust rather than exploiting code.
Case example: an X user known as Princess Hypio reported losing $170,000 in crypto and NFTs after accepting an invitation to play on a malicious Steam-hosted server.

Source: Princess Hypio
How does the “try my game” scam work step by step?
Attackers join a Discord server and observe interactions to learn community norms and identify high-value targets. They ask about crypto or NFT ownership and then feign friendliness to earn invitations.
Next, they send a server or download link for a game. The game client may be safe, but the hosted server or accompanying files can house Trojan malware that gains device access, locates wallet keys, and drains funds.
In the reported incident, the scammer offered to buy a Steam game, then used the server invite to push the victim onto a malicious host. The result: $170,000 in combined crypto and NFTs gone. Security experts including Kraken chief security officer Nick Percoco note the attacks exploit trust, not code.
Why is this scam spreading beyond crypto?
Similar social-engineering tactics appear in gaming and general online communities. Malwarebytes and community forum reports describe related incidents where the same pattern produced ransomware or credential theft.
According to industry commentary, methods seeded in crypto communities often migrate into broader sectors because the attacker workflow—community infiltration, impersonation, and malicious hosting—translates easily across platforms.
How can users avoid the “try my game” scam?
Protective steps reduce risk: verify identity through a separate channel, decline unsolicited game invites, never run unknown software, and keep crypto wallets isolated. If you use Steam or Discord, confirm invites through a trusted message or voice call before joining any new server.
What immediate actions should a victim take after an attack?
Disconnect affected devices from the internet, move funds from compromised wallets if possible, reset passwords and 2FA on separate, secure devices, and report the incident to platform trust/safety teams. Preserve logs and messages for any investigation.

Another person reported being hit with the scam back in July, which resulted in a ransomware demand. Source: Malwarebytes
Frequently Asked Questions
How common is the “try my game” scam in crypto communities?
Reports have surfaced across crypto and gaming forums throughout 2025. High-profile examples include a $170,000 loss reported by an NFT artist; security teams say the tactic is rising as attackers exploit community trust.
Can running a legitimate Steam game still be risky?
Yes. A legitimate game client can link to or recommend a malicious server. The risk lies in joining or interacting with untrusted servers and running unknown supplemental files, not always the game binary itself.
Key Takeaways
- Trust is the attack vector: Scammers impersonate community members to lower guards.
- Malicious hosting, not code flaws: Server-hosted Trojans and links are common delivery mechanisms.
- Defensive steps: Verify inviters, avoid unknown servers, use hardware wallets, and report suspicious activity immediately.
Conclusion
The “try my game” Discord scam demonstrates that social engineering remains the biggest vulnerability in crypto communities. By applying simple verification steps, isolating wallets, and reporting suspicious behavior, users greatly reduce the risk of large losses. COINOTAG will continue to monitor developments and publish safety guidance.