Roblox is one of the world’s most popular games with an estimated 230 million players – most of them children. And Roblox is also pretty dangerously awful. If it’s not exploiting young developers for virtually free labor (and taking 70 percent of all their profits), it’s not protecting children from child abuse, according to two previous reports from People Make Games.
Now, a new investigative report from journalist Luke Winkie (via IGN) has found a “thriving underworld” of scammers, hackers, and thieves in Roblox, including various Discord communities, subreddits, and forums that host teenage hackers who bank on the naivety of other Roblox – players.
It all stems from Roblox’s robust marketplace, where players can purchase cosmetic items that range in price from a few dollars to a few thousand. And when the real value of digital items reaches thousands, it encourages players to grab the green by any means necessary.
A scheme described by interviewing a couple of twenty-something 13-year-olds is basically a phishing scam. They would search for players with valuable items in the game or on Roblox’s various Discord servers and then try to get personal information from that player to take over their account. Once gained access, the fraudsters then empty players’ wallets and sell all their items on third-party sites like RBX Flip, a Roblox “casino” where players gamble with items. These online gambling sites essentially launder the stolen goods, acting as fences and making it harder for Roblox to track them down.
Another 13-year-old hacker uses a more high-tech approach. A custom “pin cracker” script can hack into a player’s account, obtain their username, password and IP address and automatically de-verify their email, leaving them often unaware that their account has been hacked and have no recourse to pick it up. That player noted that he could earn as much as $6,000 in a single heist.
Roblox told IGN in a statement that it uses two-factor authentication for all users and provides educational materials for players to avoid fraud, as well as “aggressively deterring” players from moving transactions to third-party sites. Tellingly, however, Roblox has made few, if any, moves against third-party cosmetic gambling or trading sites.
