A warning from Coex Snowhart of Faerie

Treat every Discord DM like it could become public.

I am Coex Snowhart from Faerie in Final Fantasy XIV. My boyfriend Alex, known in game as Axel Ironclad, had his Discord account stolen after a trusted family account sent him a malicious file. I am writing this because this could happen to any of our friends.

Current status

The incident originally happened on May 12, 2026, and we will update this page if Discord responds or if the account status changes. Alex's email account was recovered, but his Discord account is still locked behind 2FA that the attacker allegedly added after the compromise. Discord support was contacted from the account's registered email and escalated the case, but no account recovery had happened when this page was published.

Who we are

We are not trying to scare strangers. We are trying to warn friends.

If you know us from Final Fantasy XIV, you probably know us as Coex Snowhart and Axel Ironclad from Faerie. We enjoy playing with people, meeting friends, joking around, helping where we can, and being part of the social side of the game. Discord is a huge part of that.

We are friendly people. We try to be trustworthy. People generally like us, and we like being easy to talk to. That is exactly why this scared me so much. This did not happen because Alex is careless or because he was doing something reckless. It happened because someone he trusted appeared to send him a normal file.

I am putting this site up the way I would warn a friend in a Discord call: please do not assume your DMs are safe just because you are careful. Your privacy can be exposed when someone else gets hacked.

What happened

A normal file from a trusted person became an account takeover.

Two days before this page was written, Alex's sister's Discord account was compromised. From her trusted account, a malicious file was sent to Alex. Because they regularly send files to each other, the file did not look suspicious in context. I can say honestly that if my own sister sent me something that looked normal, I might not question it either.

When Alex opened it, the malware collected browser data, including cookies and saved passwords, and uploaded that information to the attacker. The attacker then used that access to take over his email and Discord account. The email account was recovered, but the attacker had already added 2FA to Discord.

That changes the problem from "reset the password" to "prove to Discord that the legitimate owner did not add the 2FA." The support conversation below shows the recovery request, the generic first response, the clarification, and the escalation. After that, we waited.

Why this matters

Your privacy depends on everyone you have ever trusted in DMs.

Private history is not isolated.

If someone gets into one account, they may be able to read years of messages, photos, files, names, plans, relationship details, and anything else shared with that person.

Trust can be weaponized.

A malicious file from a stranger is easy to question. A file from a sibling, partner, close friend, raid member, static member, or long-time server admin is much easier to open without thinking.

Compromise spreads socially.

Once an attacker controls an account, they can message contacts as that person and repeat the same attack across the friend graph.

2FA can become a lockout tool.

2FA protects accounts when the owner controls it. If an attacker adds it first, the real owner may lose access even after recovering email.

Protect yourself

Use Discord. Just do not treat it like a vault.

I know most of us cannot simply stop using Discord. Our friends, FCs, statics, communities, and families are there. These are the precautions I wish everyone would take before this happens to them.

01

Do not run files from DMs without verifying out of band.

Ask by phone, text, or another app before opening anything unexpected, even from family or close friends.

02

Enable 2FA now and save backup codes offline.

If you wait until after compromise, an attacker may add their own 2FA before you can recover the account.

03

Stop saving important passwords in the browser.

Use a dedicated password manager, unique passwords, and passkeys or hardware security keys where possible.

04

Treat old DMs as breachable records.

Delete sensitive history where you can, avoid sending anything deeply private through Discord, and assume recipients can be compromised later.

05

If compromised, act in this order.

Disconnect the machine, change email first, revoke sessions, change passwords from a clean device, warn contacts, and file support tickets immediately.

06

Warn people before the attacker does.

Use another account or another platform to tell friends not to open files, links, or urgent requests from the compromised account.

Support log

The recovery request and responses.

These screenshots are included so people can see what was reported and what support replied. Personal last names have been redacted from the public copies.

[Screenshot: Initial Discord support request explaining that the hacked account had attacker-added 2FA.]
Initial support request: hacked account, email recovered, attacker-added 2FA, and attackers messaging contacts.

[Screenshot: Discord support response with password reset advice and 2FA backup code guidance.]
First response: generic account security and backup-code guidance, plus a request to reply from email.

[Screenshot: Follow-up reply clarifying that there was no previous 2FA and the attacker added it.]
Clarification: the account owner did not previously have 2FA and cannot access backup codes.

[Screenshot: Discord support response saying the case would be passed to someone for a closer look.]
Escalation: support says the case is being passed along for a closer look.

[Screenshot: Final reply giving location and timing details about the compromise.]
Final details: timing, malicious zip file, browser behavior, and normal account activity location.

The point

This is not a request for money. It is a warning.

Discord is where many of us talk because everyone is already there. I will still use it for my friends and for Final Fantasy XIV, because that is where people are. But I do not trust it the way I used to, and I do not want anyone I care about to learn this lesson the hard way.

Please treat anything you send there as something that could be seen by someone else someday, not because your friends are bad people, but because good people can be hacked.