Strangers slide into DMs with promises of cool modpacks. Run the file and your Discord token is gone in seconds. Accounts start spamming friends with the same link while Discord support ghosts everyone. This wave is hitting the modded scene hard in May 2026.
If you play modded Minecraft and hang out on Discord there is a decent chance you or someone you know has been hit this week. The attack is not sophisticated. It relies on the oldest trick: some random account messages you about an insane new modpack or shader pack with screenshots that look legit. You click the link, download the zip, extract it, run the jar or exe and boom your Discord token gets exfiltrated.
Same Story Different Week
Reports spiked again around May 5th and 6th. One developer posted that multiple friends were compromised through Minecraft mod packs and that Discord support was responding at a glacial pace with zero useful help. Similar complaints have surfaced on Reddit and elsewhere with the same pattern: hacker changes the email, enables new 2FA backup codes, and immediately pivots to scamming the contact list with more “modpack” links.
- Targeted DMs pretending to be from fellow players or small modding servers
- Files that look like Forge or Fabric modpacks but contain stealers
- Immediate Discord takeover followed by lateral spread to friends
- Support tickets that go unanswered for days while the account does damage
Public service announcements like the one on GitHub have been circulating for a while detailing exactly how these Minecraft loggers grab Discord data from local storage and exfil it. Checkpoint Research documented similar campaigns last year using fake mods. None of it has stopped the attacks because the social engineering part is too effective and the barrier to creating new variants is too low.
There’s a hack focused around Minecraft mod packs making its way around Discord, taking over people’s accounts. Discord support is moving at a glacial pace.
This is not some sophisticated nation-state operation. It is low effort malware paired with decent social engineering that preys on the always-online modded multiplayer crowd. The stakes are real: lost accounts, compromised friends lists, potential credential dumps beyond just Discord, and hours wasted recovering what you can. Mojang stays silent because it is not their launcher. Discord treats it as user error until the volume gets high enough for PR damage.
What Actually Works
- Never run executables or jars sent in random DMs no matter how convincing the screenshots look
- Use a separate non-gaming Discord account for modding communities if you must test random packs
- Enable proper 2FA with an authenticator app and do not store backup codes in the same places
- Scan anything downloaded with up to date malware tools before execution
The modded Minecraft scene will keep getting burned until either the platforms get serious about DM file scanning and token invalidation or the playerbase develops some collective skepticism. Right now neither is happening so the stealers keep eating.
Other
Forum
