diff --git a/keyserver/src/deleters/thread-deleters.js b/keyserver/src/deleters/thread-deleters.js
--- a/keyserver/src/deleters/thread-deleters.js
+++ b/keyserver/src/deleters/thread-deleters.js
@@ -1,7 +1,5 @@
 // @flow
 
-import bcrypt from 'twin-bcrypt';
-
 import { permissionLookup } from 'lib/permissions/thread-permissions';
 import { hasMinCodeVersion } from 'lib/shared/version-utils';
 import {
@@ -34,11 +32,9 @@
 
   const [
     permissionsBlob,
-    [hashResult],
     { threadInfos: serverThreadInfos },
   ] = await Promise.all([
     fetchThreadPermissionsBlob(viewer, threadID),
-    dbQuery(SQL`SELECT hash FROM users WHERE id = ${viewer.userID}`),
     fetchServerThreadInfos(SQL`t.id = ${threadID}`),
   ]);
 
@@ -65,13 +61,6 @@
   if (!hasPermission) {
     throw new ServerError('invalid_credentials');
   }
-  if (hashResult.length === 0) {
-    throw new ServerError('invalid_parameters');
-  }
-  const row = hashResult[0];
-  if (!bcrypt.compareSync(threadDeletionRequest.accountPassword, row.hash)) {
-    throw new ServerError('invalid_credentials');
-  }
 
   await rescindPushNotifs(
     SQL`n.thread = ${threadID}`,