4 min read

Hackers are using stolen Discord accounts to spread fake MrBeast giveaways

Silviu STAHIE

July 03, 2026

Hackers are using stolen Discord accounts to spread fake MrBeast giveaways

Discord users are facing a growing wave of account hijackings that turn their profiles into tools for cybercriminals spreading scams. Instead of creating fake accounts, scammers take over real Discord profiles and use them to send messages promoting fake MrBeast giveaways, online casinos, free cryptocurrency, and other fake offers.

Because these messages come from the accounts of friends or people they’ve known for years, potential victims are far more likely to trust them. In many cases, the original account owner doesn't realize their profile has been compromised until contacts begin reporting suspicious messages.

Key takeaways

  • Cybercriminals are hijacking legitimate Discord accounts instead of relying on fake profiles.
  • Compromised accounts commonly spread fake MrBeast giveaways, casino promotions, and cryptocurrency scams.
  • Many attacks begin with information-stealing malware that takes Discord session tokens, allowing attackers to bypass passwords and, in some cases, two-factor authentication.
  • Friends and community members are more likely to trust messages sent from a legitimate account, helping the campaign spread rapidly.
  • Users who click malicious links, authorize rogue Discord applications, or download infected files risk losing their own accounts.

Why hackers use real Discord accounts and MrBeast’s image

Instead of creating new accounts that are likely to be flagged as suspicious when they begin sending scam messages, attackers compromise existing Discord profiles with established friend lists and verified memberships on known servers.

Once the attackers get access to the victim’s account, they use automation tools to send scam messages to everyone in the victim's contact list or across multiple servers before Discord or the account owner can intervene.

Security researchers have observed campaigns promoting fake giveaways, cryptocurrency investments, online casinos, and phishing websites using accounts stolen from ordinary users. Reports from RaidProtect reveal that tens of thousands of compromised accounts may have been involved in large-scale scam campaigns so far in 2026.

“The number of hacked accounts identified has doubled in a month, and the volume of deleted images now exceeds 2.3 million. The unique image catalog is growing too (+72%): this mainly signals that new visual clusters are appearing,” said security researchers.

Discord attackers don’t choose MrBeast randomly. This YouTuber is very well known by kids and teenagers, and his popularity with this particular age group makes him the ideal lure.

How the fake MrBeast giveaway scam works

The attack begins when the Discord account is compromised, which can happen in numerous ways, from mods, cracked software, cheating tools, malicious browser extensions or even phishing attacks.

Depending on the type of attack, scammers can access an already authenticated session, which means victims can remain logged even as criminals control the account from another device.

After that, the scam messages are distributed automatically.

The compromised account begins sending messages such as:

·      "MrBeast is giving away $2,500."
·      "Claim your reward."
·      "You've been selected."
·      "Join this casino and receive free credits."

Some campaigns feature professionally designed graphics that mimic posts from MrBeast, Elon Musk, and other well-known personalities.

Finally, when someone falls victim, they simply repeat the cycle as they are asked to download software, connect a cryptocurrency wallet, scan a QR code, authorize a malicious Discord OAuth application or enter credentials on a phishing website.

Once compromised, their accounts begin sending the same messages, allowing the campaign to expand quickly. 

What to do if your Discord account is hacked

If attackers have gained access to your Discord account:

Change your password immediately. Use a clean, malware-free device whenever possible.
Secure your email account. If attackers control your email, they may regain access to Discord even after you change your password.
Enable multi-factor authentication. MFA greatly improves account security, although session token theft can still bypass it in certain scenarios.
Review authorized applications. Remove any Discord applications you don't recognize.
Scan your computer. If malware remains on your device, changing your password alone won't solve the problem.
Warn your contacts. Tell friends not to click any suspicious links sent from your account while it was compromised.

How to protect yourself from future attacks

Reducing your risk doesn't require abandoning Discord. It requires adopting safer habits and that includes being skeptical of links and campaigns that are seemingly promoted by famous people. Mr. Beast is only one such example. As it happens, though, he’s one of the more popular lures.

Bitdefender Ultimate Security helps stop these attacks before they can compromise your account. Its award-winning malware protection blocks information stealers, Scam Protection Pro helps identify sophisticated scams, while the password manager, unlimited VPN, and Digital Identity Protection work together to secure your accounts and alert you if your personal information is exposed in a data breach.

Whether you use Discord to game, collaborate with friends, or manage online communities, protecting your device is one of the best ways to keep your account—and everyone connected to it—safe.

FAQ

Is MrBeast really giving away money on Discord?

Answer: Discord messages claiming to offer giveaways from MrBeast are likely scams. Always verify giveaways through MrBeast's official channels before clicking any links.

Can hackers access my Discord account without knowing my password?

Answer: Yes. Information-stealing malware can hijack your active Discord session by stealing authentication tokens or browser cookies.

Does two-factor authentication (2FA) stop these attacks?

Answer: 2FA helps prevent many account takeovers, but it may not stop attackers who steal an active Discord session using malware.

What should I do if my Discord account is hacked?

Answer: Change your password, secure your email, revoke unknown sessions and apps, scan your device for malware, and warn your contacts about suspicious messages.

How can I tell if a Discord giveaway is fake?

Answer: Be suspicious of giveaways that ask you to download software, scan QR codes, connect crypto wallets, or log in through unfamiliar websites.

How can I protect my Discord account?

Answer: Enable 2FA, avoid downloading files from untrusted sources, review authorized Discord apps regularly, and use reliable security software to block malware.

tags


Author


Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

You might also like

Bookmarks


loader