You installed malware sent on Discord or Telegram
Scammers pose as friendly community members, potential business partners, or even "support staff" and send files that contain malware. This malware can steal seed phrases, monitor your clipboard, or take control of your browser extensions.
This is one of the most common attack vectors in crypto. The person who sent you that file was not who they claimed to be.
How this attack works
Someone friendly — a 'collab partner,' a 'project team,' a 'support agent,' or a compromised friend's account — sends you a file: a game build to test, a PDF, a 'bot,' or an installer. Opening or running it installs an info-stealer that harvests seed phrases, browser wallet data, and clipboard contents.
The social setup is the point: trust and a plausible reason lower your guard before the payload ever runs. The sender was never who they claimed to be, or their account was hijacked.
Warning signs
- You downloaded or ran a file someone sent you on Discord or Telegram.
- The opportunity, job, or collaboration came through an unsolicited DM.
- You were asked to disable antivirus or 'allow' a security warning.
What to do right now
- Never download files from people you don't know personally
- Be suspicious even of files from "friends" (their accounts may be compromised)
- Assume anyone offering unsolicited help is a scammer
- Run antivirus scans and consider reinstalling your OS
- Create a brand new wallet on a clean device