🚨Important Update For VRChat Players.
— Rollthered (@RolltheredDev) April 13, 2026
Poiyomi has posted a voice recording. This is infact his real voice (You can confirm this from the tutorial series on YouTube)
He is still not secure and says "I don't know how long I'll have access to my discord or Twitter." pic.twitter.com/DwDnVzHDdj
Update 14/04/26 – 11:07 am (IST): Rollthered has now shared what he says is a genuine voice recording from Poiyomi, adding a new layer to the ongoing VRChat hack situation. In the clip, Poiyomi says he is recording from his phone and warns that he does not know how much longer he will have access to his Discord or X accounts.
The message also shows Poiyomi thanking users for their support while describing the situation as serious. In a separate recording tied to the incident, a speaker claims the compromise appears to have impacted connected Google services and other web services, suggesting the fallout may be broader than just social accounts.
🚨RE: the Poiyomi VRChat Hack Situation.
— Rollthered (@RolltheredDev) April 14, 2026
Just got off a group call with Poiyomi.
Currently we have 1 lead on a contact at YouTube and are waiting for a response back.
If you are a creator who knows someone working at YouTube please let us know. pic.twitter.com/nLv3lRahMc
Update 13/04/26 – 11:45 am (IST): A Poiyomi shader administrator has now officially confirmed that Poiyomi’s email, Patreon, and Discord accounts were compromised, and that the VCC Patreon listing has been suspended. No changes to the VCC release have been confirmed so far, but the situation is still being monitored.
Poiyomi themselves also broke their silence on X, confirming the Google account was compromised after downloading a mod pack from CurseForge. That lines up with what the community had already pieced together.
Hey guys sorry for the scare. My google account got compromised through downloading a random mod pack for minecraft on curseforge
— poiyomi (@poiyomi) April 13, 2026
Original article published on April 13, 2026, follows:
VRChat users and creators are being warned not to download or update Poiyomi shaders right now.
The developer behind one of the most widely used shader packages in VRChat had their Discord, email, and Patreon accounts compromised. According to multiple reports, a hacker gained control of the official Poiyomi Discord server and began locking channels while deleting staff announcements.
VRChat creator Liindy put the spotlight on it on X, saying a hacker had gained access and was actively taking over the Discord server at the time of posting. Here’s the screenshot they shared:
Developer Rollthered quickly followed up with a public warning urging VRChat users to not download any packages or use Creator Companion listings until further notice.
From what community members have pieced together, the breach started after Poiyomi downloaded a malicious Minecraft mod package from CurseForge. The file, supposedly shared by friends wanting to play together, appears to have been a social engineering attack that gave the hacker access to multiple accounts.
Staff in the Poiyomi Discord server moved fast to lock things down. But the situation remained messy for a while, with the compromised account reportedly deleting safety messages as they went up. The same concerns popped up on Reddit’s r/VRchat, where the original post and comments basically noted “don’t touch anything new” and that existing local copies are still safe.
Right now, just avoid downloading fresh copies or updating existing ones through official channels. Most people say that shaders you already have installed locally on your computer should be fine. Some community repositories, including Uni-VCC, have already switched to lockdown mode and are only serving older, verified safe versions.
Poiyomi shaders are hugely popular in VRChat. They power custom avatars for thousands of users thanks to their flexible lighting, effects, and performance options. So you can guess why this incident has the whole community on edge.
Recovery efforts are underway, but as of this writing, the full scope is still unclear. No one knows yet whether any malicious packages actually made it out through Patreon or the official repo.



