TopMCServer Player Guide

The MrBeast Discord Scam

A detailed breakdown of how players are losing their accounts, their sessions, and their money.

Hacking Vectors: How it Starts

You receive a DM from a friend about a MrBeast giveaway promising a **$2,500 signup bonus**. We all know those are scams, but how did your friend get hacked, and what happens if you click?

A | Malware & Stealers

This is the most dangerous vector. Hackers distribute "mod packs," Roblox Executors, or Minecraft **CPVP Mods/Cheats** on untrusted Discords or YouTube descriptions. These `.jar`, `.exe`, or script files are Information Stealers (like RedLine or Raccoon Stealer).

B | False Verification Bots

It is important to understand: not all NSFW or gaming servers are traps. However, scammers frequently place false verification bots on these servers. They may ask you to scan a QR code or authorize an application to view NSFW content or verify your age. Scanning this QR code instantly logs the hacker into your Discord account via their device.

WARNING: Do not click random links or download untrusted files online, even if they come from friends. You risk getting your identity stolen, your bank account juiced, or even being DDoSed.

The Technical Part: Session Hijacking

The core mechanism of this scam is **not** password theft. It is the theft of your browser **cookies and sessions**.

Why 2FA Doesn't Save You

When you log into Discord or Microsoft, the server generates a unique "Session ID" or "Auth Token" and stores it in your browser as a cookie. When you close the browser and reopen it, you are still logged in because the browser still possesses that active session token. It does not need to re-prompt you for a password or 2FA.

If an Information Stealer grabs these tokens from your browser's SQLite database, the hacker simply injects that token into their own browser and effectively 'becomes' you. They have bypassed your 2FA entirely.
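
The token behaviour described above, as a toy model (an added example, not part of the original guide and not Discord's or Microsoft's code). The class, the account, the credentials and the fixed six-digit code standing in for 2FA are constructed assumptions. As the guide describes, a password change in this model leaves issued tokens valid, and only revocation removes them.

```python
import secrets

class ToyAuthServer:
    """Toy token-session model (constructed for illustration)."""

    def __init__(self):
        self.users = {}     # username -> {"password": ..., "totp": ...}
        self.sessions = {}  # token -> username

    def register(self, user, password, totp_code):
        self.users[user] = {"password": password, "totp": totp_code}

    def login(self, user, password, totp_code):
        """Password and second factor are checked here, and only here."""
        acct = self.users.get(user)
        if not acct or acct["password"] != password or acct["totp"] != totp_code:
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def whoami(self, token):
        """Later requests present only the token; nothing else is re-checked."""
        return self.sessions.get(token)

    def change_password(self, user, new_password):
        # Assumption of this model: existing tokens are left untouched.
        self.users[user]["password"] = new_password

    def revoke_all(self, user):
        """'Log out all other sessions': delete every token issued to the user."""
        for token in [t for t, u in self.sessions.items() if u == user]:
            del self.sessions[token]

def demo():
    server = ToyAuthServer()
    server.register("alex", "hunter2", "492817")        # constructed account
    browser_token = server.login("alex", "hunter2", "492817")
    copied_token = browser_token  # the same string, now held by someone else
    result = {"copied_token_accepted": server.whoami(copied_token) == "alex"}
    server.change_password("alex", "n3w-passphrase")
    result["valid_after_password_change"] = server.whoami(copied_token) == "alex"
    server.revoke_all("alex")
    result["valid_after_revocation"] = server.whoami(copied_token) is not None
    return result
```

`demo()` shows the copied token accepted without any password or 2FA prompt, still accepted after the password change, and rejected only once every session is revoked.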

DO NOT TRUST ANYTHING/ANYONE. DO NOT BE DESPERATE FOR HACKS OR CHEATS.

The Website & The Payment Loop

These sites are obvious scams once you click. If you inspect the element (F12), you will see that all the withdrawal and winning values are **hard-coded** into the JavaScript. They are theatrical performances.

The "Hardstuck" loops of popups:

1. You 'win' and attempt to withdraw. The website demands complete identity verification via a fee of $60.
2. After you pay, a popup appears: Verification Failed. (This is hard-coded to occur.)
3. When you attempt to withdraw a second time, a second popup occurs: Verification session error: Invalid IP.
4. They demand a payment of $100 to reset your session and verify again.

They force you to repeat this cycle until they have juiced **$5,000+** from your account. DO NOT put your credit card info here.

Industrial Scale: The 1900 Domains

This is not a single person doing this manually. Scammers currently maintain **over 1,900 active domains/URLs** for this single scam.

Each individual URL will open a different visual "theme" (Minecraft theme, Roblox theme, Gamble theme), but it is the same underlying scam code and the same hardstuck payment loop.

Highly Complex Account Security (Post-Exposure)

If you have already downloaded a suspicious file, clicked a link, or believe you were compromised, basic password resets will not suffice. The Information Stealer may still be on your machine, continuously harvesting any new sessions. Follow these steps in exact order:

  • Identify and Remove Persistence Mechanisms: Information stealers place themselves in your system's startup folders or registry keys to survive reboots.
    • Check taskmgr > Startup tab for unknown entries.
    • Check registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce.
    • Consider using Sysinternals Process Explorer to look for anomalous process trees. If heavily infected, a full OS reinstall is recommended.
  • Perform Authorization and Session Revocation: Merely changing your password will not kill an active session held by the hacker.
    • In Discord, go to Settings > Devices and click **"Log out all other sessions."**
    • Review Settings > Authorized Apps. Revoke any apps you do not 100% recognize (specifically anything that mentions "joins servers for you").
    • Repeat this for your Google and Microsoft accounts (Revoke third-party access).
  • Deep Authenticator Reset: If the malware took screenshots or accessed your browser vaults, your 2FA authenticator "secret key" or "backup codes" might be compromised.
    • **Immediately revoke and re-enable 2FA** on Discord/Google/Microsoft. This generates a fresh secret key.
    • Regenerate all backup codes. **Store them on a separate, physical medium.**
  • Password Vault and Cache Purge: Before entering any new passwords on the infected machine, the machine must be clean.
    • Clear the browser cache and cookies completely to kill active tokens on the machine.
    • Change all critical passwords using a separate, uninfected device (like your phone). Priority: Primary Email, Discord, Banking.
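
For the first step, one way to list the HKCU Run and RunOnce values named above and pick out the ones worth a manual look (an added example, not part of the original guide). The review rules and the sample entries are assumptions constructed for this example; a hit means "check this entry", not "this is malware".

```python
import re
import sys

RUN_KEYS = (r"Software\Microsoft\Windows\CurrentVersion\Run",
            r"Software\Microsoft\Windows\CurrentVersion\RunOnce")
# Triage heuristics are assumptions made for this example, not from the guide.
# Legitimate software also starts from AppData, so a hit means "look closer".
REVIEW_RULES = (
    ("runs from Temp or Downloads", re.compile(r"\\(temp|downloads)\\", re.I)),
    ("runs from AppData", re.compile(r"\\appdata\\", re.I)),
    ("script host or Java launcher",
     re.compile(r"\b(powershell|wscript|cscript|mshta|javaw?)(\.exe)?\b", re.I)),
)

def read_hkcu_autoruns():
    """Return (key, name, command) for each HKCU Run/RunOnce value. Windows only."""
    import winreg  # imported here so triage() stays usable on any OS
    entries = []
    for key in RUN_KEYS:
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key) as handle:
                for i in range(winreg.QueryInfoKey(handle)[1]):  # value count
                    name, value, _type = winreg.EnumValue(handle, i)
                    entries.append((key, name, str(value)))
        except FileNotFoundError:
            pass  # the key may not exist
    return entries

def triage(entries):
    """Return (name, command, reasons) for entries that deserve a manual look."""
    flagged = []
    for _key, name, command in entries:
        reasons = [label for label, rx in REVIEW_RULES if rx.search(command)]
        if reasons:
            flagged.append((name, command, reasons))
    return flagged

# Constructed sample entries, not taken from a real machine or from the guide.
SAMPLE = [
    (RUN_KEYS[0], "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    (RUN_KEYS[0], "Updater", r"C:\Users\alex\AppData\Local\Temp\upd8.exe"),
    (RUN_KEYS[1], "ModLoader", r'javaw.exe -jar "C:\Users\alex\Downloads\cpvp-mod.jar"'),
]

if __name__ == "__main__":
    source = read_hkcu_autoruns() if sys.platform == "win32" else SAMPLE
    for name, command, reasons in triage(source):
        print(f"REVIEW {name}: {command}  [{'; '.join(reasons)}]")
```

Run on Windows it reads the live registry; elsewhere it falls back to the constructed sample, where the Temp executable and the `.jar` launched from Downloads are the two entries printed for review.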

This is a community-updated player safety guide hosted by TopMCServer.
Original technical data curated and adapted from community reports.
