Rise of Social Engineering in Web3
Why Discord impersonation is becoming the #1 vector for wallet drains in 2025.
Introduction
In the decentralized expanse of Web3, where trustless systems promise autonomy and security through cryptography, the human element remains the weakest link. Social engineering, the art of manipulating individuals into divulging confidential information or performing actions that compromise security, has surged as a dominant threat vector. By 2025, it eclipsed traditional smart contract vulnerabilities, accounting for billions in losses across blockchain ecosystems.
Among various platforms, Discord has emerged as the epicenter for these attacks, particularly through impersonation tactics that lead to wallet drains. This article delves into the technical underpinnings of these exploits, analyzes why Discord impersonation became the #1 vector for wallet compromises in 2025, and explores mitigation strategies grounded in advanced security practices.
Web3's allure lies in its permissionless nature: anyone can participate in decentralized finance (DeFi), non-fungible tokens (NFTs), and decentralized autonomous organizations (DAOs) without intermediaries. However, this openness amplifies risks. Attackers exploit psychological vulnerabilities rather than code flaws, using sophisticated phishing, malware distribution, and impersonation to bypass even the most robust on-chain defenses.
The Evolution of Social Engineering in Web3
Social engineering predates Web3, rooted in classic tactics like pretexting, baiting, and quid pro quo. In blockchain contexts, it adapts to exploit the unique architecture of wallets and transactions. Unlike traditional banking, where reversibility offers some recourse, blockchain transactions are immutable—once funds are transferred, they're gone.
Key adaptations in Web3 include:
- Phishing for Signatures: Attackers trick users into signing malicious transactions via Ethereum's EIP-712 or Solana's equivalent, granting approvals for token spends without immediate transfers. This uses the approve function in ERC-20 contracts, allowing drainers to siphon assets later.
- Malware Integration: Tools like AsyncRAT or Skuld Stealer, distributed via Discord, capture seed phrases, private keys, or browser data. These often employ time-based evasion to avoid detection during sandbox analysis.
- AI-Enhanced Deception: By 2025, AI-generated deepfakes and chatbots impersonated project admins, scaling attacks. Voice phishing (vishing) detection rose 442% from H1 to H2 2024, a trend that accelerated into 2025.
Discord's role amplified these tactics. As the de facto hub for Web3 projects—hosting AMAs, support channels, and community discussions—it facilitated impersonation. Scammers create bots or fake accounts mimicking moderators, exploiting the platform's API for automated DMs and invite hijacking.
2025 Statistics: A Year of Escalating Losses
2025 marked a pivotal shift: total Web3 losses hit $3.35 billion across 318 incidents, up 78.2% from 2024. Social engineering dominated, with H1 alone seeing $340 million drained from just three major attacks on Bitcoin, Ethereum, and Solana. By mid-year, phishing and social engineering tallied $600 million, surpassing access control exploits in frequency.
Impersonation scams surged 1,400% year-over-year, fueled by AI, while personal wallet compromises rose to 23.35% of total thefts. Discord-specific vectors, like the "Try My Game" scam, led to individual losses up to $170,000, with malware stealing wallet data and Discord tokens. Wallet drainer phishing, often initiated via Discord, fell 83% to $84 million but affected 106,000 users, indicating a pivot to high-value targets.
Mechanics of Discord Impersonation Attacks
Discord's architecture—featuring servers, channels, DMs, and bots—makes it ideal for social engineering. Attacks typically follow a multi-stage process:
- Initial Contact: Scammers infiltrate communities via compromised accounts or bots. They impersonate support staff, using similar usernames (e.g., @Admin_Support vs. @AdminSupport) and avatars. In 2025, AI tools generated realistic profiles, evading manual moderation.
- Building Trust: Pretexting involves feigning help for "wallet issues" or "airdrop claims." Victims are directed to private DMs, where scammers request screen shares or file downloads. For instance, the "Try My Game" scam lures users with beta testing offers, delivering malware that exfiltrates data.
- Malware Deployment: Links lead to drainers or infostealers. Crypto drainers use JavaScript to mimic legitimate dApps, prompting wallet connections and malicious signatures.
  Technical flow:
  1. User connects wallet (e.g., MetaMask via WalletConnect).
  2. Drainer requests eth_signTypedData_v4 for a hidden setApprovalForAll or transferFrom.
  3. Assets are drained via automated bots querying blockchain APIs.
- Execution and Laundering: Once compromised, attackers use mixers like Tornado Cash or cross-chain bridges to obscure funds. In one case, hijacked Discord invites redirected to phishing sites hosting drainers.
Technical vulnerabilities include Discord's invite system, allowing vanity link hijacking, and lack of built-in transaction simulation for linked wallets.
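The signing step in the technical flow is where a wallet-side check can still intervene. The following is an added example, not code from any wallet or tool named in this article: it triages a JSON-RPC signing request for approval-granting calldata and typed-data permits. The function names, the trusted-spender list and the sample requests are assumptions made for illustration.

```javascript
// Added example: triage a wallet JSON-RPC request before the user signs it.
const RISKY_SELECTORS = { // first 4 bytes of keccak256(function signature)
  "0x095ea7b3": "approve(address,uint256)",
  "0x39509351": "increaseAllowance(address,uint256)",
  "0xa22cb465": "setApprovalForAll(address,bool)",
  "0x23b872dd": "transferFrom(address,address,uint256)",
};
// EIP-2612 and Permit2 messages: a signature alone grants spending rights.
const RISKY_TYPES = new Set(["Permit", "PermitSingle", "PermitBatch", "PermitTransferFrom"]);
const MAX_UINT256 = (1n << 256n) - 1n;

// i-th 32-byte ABI argument of the calldata as a BigInt, or null if truncated.
function arg(data, i) {
  const hex = data.slice(10 + 64 * i, 74 + 64 * i);
  return hex.length === 64 ? BigInt("0x" + hex) : null;
}

function inspectSigningRequest(req, trustedSpenders = []) {
  const trusted = new Set(trustedSpenders.map((a) => a.toLowerCase()));
  const findings = [];
  let spender = null;
  if (req.method === "eth_signTypedData_v4") {
    const raw = req.params[1]; // params are [account, typedData]
    const typed = typeof raw === "string" ? JSON.parse(raw) : raw;
    if (!RISKY_TYPES.has(typed.primaryType)) return findings;
    findings.push(`typed data ${typed.primaryType} authorizes token spending`);
    spender = String((typed.message || {}).spender || "").toLowerCase();
  } else if (req.method === "eth_sendTransaction") {
    const data = String(req.params[0].data || "0x").toLowerCase();
    const sig = RISKY_SELECTORS[data.slice(0, 10)];
    if (!sig) return findings;
    findings.push(`calldata calls ${sig}`);
    if (sig.startsWith("transferFrom")) return findings;
    spender = "0x" + data.slice(34, 74); // low 20 bytes of argument 0
    if (sig.startsWith("approve") && arg(data, 1) === MAX_UINT256) findings.push("unlimited allowance");
    if (sig.startsWith("setApprovalForAll") && arg(data, 1) === 1n) findings.push("operator control of whole collection");
  }
  if (spender !== null && !trusted.has(spender)) findings.push(`untrusted spender ${spender || "(missing)"}`);
  return findings;
}

// Constructed sample requests (the address is a placeholder, not a real contract).
const SPENDER = "0x" + "ab".repeat(20);
const sampleTx = { method: "eth_sendTransaction", params: [{
  data: "0xa22cb465" + SPENDER.slice(2).padStart(64, "0") + "1".padStart(64, "0") }] };
const samplePermit = { method: "eth_signTypedData_v4", params: ["0x" + "11".repeat(20), JSON.stringify({
  primaryType: "Permit", message: { spender: SPENDER, value: MAX_UINT256.toString() } })] };
console.log(inspectSigningRequest(sampleTx), inspectSigningRequest(samplePermit, [SPENDER]));
```

An empty result means only that none of these patterns matched; it does not replace simulating the transaction.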
Case Studies: Real-World Drains in 2025
The $330 Million Bitcoin Heist
An elderly investor fell victim to social engineering via Discord impersonation, losing $330M. Attackers posed as support, tricking the victim into revealing seed phrases.
Inferno Drainer Campaign
Revived in 2025, this targeted crypto communities via Discord phishing, redirecting to fake Collab.Land sites for wallet drains.
Personal Accounts from X
User @DotComParker lost $60K via a screen-share scam on Discord, where malware captured wallet passwords. Similarly, @CommanderCrypto nearly signed a malicious transaction from a flipped account.
Why Discord?
Discord's 150M+ users in Web3 communities create a target-rich environment. Features like voice channels enable vishing, while bots can automate scams. In 2025, 20% of malicious URLs on Discord were phishing, per Bitdefender. Moderation challenges—e.g., impersonators evading bans—exacerbate issues, as noted by DeFi teams abandoning public servers.
Prevention Strategies
- Hardware Wallets: Use Ledger or Trezor for cold storage, avoiding hot wallet exposures.
- Transaction Simulators: Tools like Web3 Antivirus simulate transactions before signing.
- Multi-Factor and Biometrics: Enable Discord 2FA; use passkeys for wallets.
- AI Detection: Platforms like Collony.ai employ ML for impersonator flagging.
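Impersonator flagging does not have to start with ML. The similar-username trick described under Initial Contact (@Admin_Support vs. @AdminSupport) can be caught with a rule-based check, shown here as an added example that is not taken from any product named above. The staff map, user IDs and sample handles are constructed, and the confusables table is a small illustrative subset.

```javascript
// Added example: flag handles that imitate protected staff names.
// Characters often swapped to fake a name; Cyrillic entries use \u escapes.
const CONFUSABLES = { "0": "o", "1": "l", "i": "l", "|": "l", "3": "e", "5": "s",
  "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "l", "\u0455": "s" };

// Reduce a handle to a comparison skeleton: fold compatibility forms, drop
// case and separators, then map confusable characters to one representative.
function skeleton(handle) {
  return handle.normalize("NFKC").toLowerCase()
    .replace(/[@\s._-]+/g, "")
    .replace(/./gu, (c) => CONFUSABLES[c] || c);
}

// Levenshtein distance using two rolling rows.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1,
        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

// staff: Map of protected handle -> immutable user ID. Only the ID proves
// identity; a matching name on a different ID is treated as impersonation.
function classifyHandle(handle, userId, staff) {
  const sk = skeleton(handle);
  let verdict = "ok";
  for (const [name, id] of staff) {
    if (id === userId) return "staff";
    const d = editDistance(sk, skeleton(name));
    if (d === 0) verdict = "impersonation";
    else if (d === 1 && sk.length >= 5 && verdict === "ok") verdict = "lookalike";
  }
  return verdict;
}

// Constructed sample data: IDs and handles are illustrative only.
const STAFF = new Map([["AdminSupport", "1001"], ["ProjectMod", "1002"]]);
const SAMPLE = [["AdminSupport", "1001"], ["Admin_Support", "2001"],
  ["AdminSupp0rt", "2002"], ["AdminSuport", "2003"], ["alice", "2004"]];
for (const [h, id] of SAMPLE) console.log(h, "->", classifyHandle(h, id, STAFF));
```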
Conclusion
Discord impersonation's rise in 2025 underscores Web3's human-centric risks. By blending tech defenses with awareness, we can mitigate these threats. As AI bolsters attacks, defensive AI will counter with real-time anomaly detection. However, human vigilance remains key.