Poiyomi Shaders Compromised in Targeted Minecraft Social Engineering Attack

The VRChat community is on high alert following a major security breach involving Poiyomi, the developer behind the ubiquitous Poiyomi Shaders. Reports confirmed that the owner’s Discord server, Patreon, and personal email accounts were compromised, leading to a temporary lockdown of one of the platform’s most vital resource hubs.

Poiyomi (creator of Poiyomi shaders) got hacked. It is currently recommended to not download/update Poiyomi shaders per the staff of their Discord server
byu/bunnythistle inVRchat

According to Tupper, a representative for VRChat, the breach didn’t stem from a technical exploit within Discord itself, but rather a sophisticated social engineering tactic.

This was done via a method where the scammer invites you to a Minecraft server over Discord, and sends you a (malicious) package to install via Curseforge.

They will go as far to dig through your friends list to tell you people that are playing too, to draw you in.

Be careful! https://t.co/vt2US7VSAH

— tupper (@dtupper) April 13, 2026

The attacker reportedly invited the victim to a Minecraft server via Discord and provided a malicious package to install through Curseforge. This specific malware vector is designed to token grab, allowing hackers to bypass multifactor authentication by stealing active login sessions directly from the victim’s browser or desktop client.

“They will go as far to dig through your friends list to tell you people are playing too, to draw you in,” Tupper warned in a statement.

Because Poiyomi Shaders are essential for the majority of high-end VRChat avatars, the breach sparked immediate concern over supply chain attacks where a developer’s hijacked account is used to distribute malware to thousands of unsuspecting users.

Community members on Reddit and Twitter (X) have advised users not to download or update Poiyomi Shaders via the VRChat Creator Companion, GitHub, or Patreon until the development team confirms the accounts are secured. If you already have the shaders installed in a Unity project, you are safe. The malware risk only applies to new files downloaded during the window of the hack. Any links or files sent from Poiyomi’s official Discord or Patreon accounts should be treated as malicious until further notice.

The Discord server has been locked down and channels have been hidden to prevent the spread of the scam. While the situation is still evolving, prominent community figures have urged users to wait for verification from other members of the team, such as Sacred, Thry, or Tony Lewis, before resuming updates.

This incident serves as a stark reminder of the increasing prevalence of social engineering within niche creative communities. Even with robust security, a single trusted friend invite can lead to a total ecosystem shutdown.