Sign in to follow this  
Followers 0
Blainie

wow WeakAuras Gold Scamming in WoW

1 post in this topic

15452-weakauras-gold-scamming-in-wow.jpg

Ever wondered what it would be like to have someone walk up to you, initiate a trade and then have all your gold disappear? This could happen to you right now!

 

The first thing I'd like to say before anything else is that this is NOT a slight on the add-on itself. I love WeakAuras, I use it while raiding and it has made raid leading a million times easier. 

 

However.

 

It looks like there have been cases on live servers of gold scamming via the use of WeakAuras. For those of you that don't know, WeakAuras essentially allows players to write scripts to run commands that the interface within the game allows. It's mainly used to display certain visual effects for raiding and rotation help, such as displaying buffs and debuffs in a more noticeable fashion.

 

As stated on the US forums, it seems that certain players have managed to create a script in-game that can control your trade window. They will link a script, often asking for help with it, and as soon as you run it, your trade window will be under automatic control. If anyone comes to trade you, you will automatically trade all of your gold to that character, without clicking anything. You won't even see the trade window pop up.

 

It seems the author of WeakAuras has come forward, saying that you might not even need to run the script. You might just have to add the script to your WeakAuras and the code will run itself. 

 

The author has acknowledged these problems publicly and has said he is working hard to fix them, but this is at least something for people to know about until it is fixed. I definitely don't think people should stop using the add-on, it's an amazing creation, but I do think players just need to ensure they trust whoever is sending them scripts.
 

You can also find the Reddit thread here.

 

UPDATE: It looks like the problem could actually stem from Blizzard, not the WeakAuras add-on itself. Reddit users thefezhat and Hallgard had this to say:

"In this case someone's found a way to automate trades using the addon API, which absolutely shouldn't be possible - the relevant interface functions should be protected so that only the core game, not addons, can call them. The exploit is Blizzard's fault, Weak Auras is merely the vector for it due to the fact that you can essentially send someone a small addon by sharing an aura."

"This is something that should not be possible through WoW's API. It shouldn't be possible to transfer gold without a dialogue box popping up and manually entering in a number. If it can be automated through a script, then Blizzard needs to prevent scripts from being able to do that."

 

UPDATE 2: Official post on it by Ornyx over on the US forums.

 

Blizzard Icon Ornyx on WeakAuras

 

Thanks for the information and patience, everyone. We’ve gotten word that an update to WeakAuras will be going out tonight, and should resolve this issue. Until then, we recommend that you disable this AddOn to avoid this issue entirely.
 
We have plans in place to rectify this type of situation in the future by adding an extra step of security for all gold transfers.
 
---
 
We would like to reiterate, once again, that while the use of AddOns is permitted, they are not directly supported by us, and, as such, you should always be wary before downloading anything, or, in this case, importing any script.
 
If you believe you were affected by someone using this method please report it via a ticket to our Customer Service team here: https://us.battle.net/support/en/help/ 
 
In that ticket, please include the realm and name of your character and specify what happened. Our Customer Service team will be able to investigate the matter and take what actions are deemed appropriate. 
 
In the future, please avoid discussing and theorizing about possible exploits on the forums. This can lead to more people getting out there and "testing" the exploit, which can lead to more players being affected. If you encounter a possible exploit, please report it to our hacks team as soon as possible: http://us.blizzard.com/en-us/submit/hacks.html
 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Stan

      Trial of Style is a new micro-holiday scenario added in Patch 7.2.5 and we previewed it a while ago in more detail. Blizzard recently added set rewards to all transmogrifiers that you can purchase after collecting 25 Mog Week Tokens.
      Mog Week Token is the main currency of the transmog micro-holiday, earned from Mog Week Prizes, like Mog Week Reward: First Place. All sets are from Burning Crusade dungeons, only the Mail set contains world drop items, like Der'izu Chestpiece, Der'izu Legguards and so on. Below, we previewed all sets that you can get by turning in 25 Mog Week Tokens.
      Cloth Wearers
      Ensemble: Mana-Etched Regalia
      Leather Wearers
      Ensemble: Obsidian Prowler's Garb
      Mail Wearers
      Ensemble: Marshcreeper Armor
      Plate Wearers
      Ensemble: Righteous Battleplate
      The vendor also sells Fashionable Undershirt for 1 Gold but it requires the Stylish! buff earned by winning 1st place in Trial of Style. The buff lasts for 5 days and stacks.

    • By Starym

       
      People jumping into a well from a very long way away. Because.
      Back in my day™ all we did was idle on the old Orgrimmar bank roof all day and it was totally exciting. This newfangled Legion expansion is taking everything to the extreme, including idling in the city - and this proves it! The latest reddit activity seems to be jumping from quite a long way a way straight into the sewer portal well for... reasons, and there have been quite a few damn impressive holes in one. Super holes in one you might say. Usually with these you slowly build up to the amazing one, but the amazing one is just too amazing to wait, so let's just begin at the top with the clear winner, with an outside the green shot that will haunt you (source):
      Then we have some Monk action (source):
      Unfortunately can't embed this one so you'll have to go through the agony of having to actually click it! (Source)
      The Warrior one has a plot twist at the end: he DIDN'T end up in Azsuna! (Source)
      The druid version seems a little boring, but impressive nonetheless (source):
      Then we have a ground level shot (source):

      And finally, I know I said the best one was at the beginning, but I lied. Here's the clearly most impressive super hole in one (source):
    • By Stan

      Yesterday, I wrote about updates to the Shoe Shine Kit toy and how its tracking quest got stealth fixed in the latest 7.2.5 PTR build.
      The toy was unavailable until now, because Blizzard simply forgot to fix it and the chest could not be opened. 
      Sheddle Glossgleam leaves the toy store (2nd floor of Photonic Playground - 44, 47) at 12 AM (PST) / 3 AM (EST) realm time and goes drinking in Legendermain Lounge. During his absence, a chest spawns that contains the toy - Shoe Shine Kit. Only one person may loot it, because it will disappear afterwards. The toy makes shoes sparkle. There are still items in the game that haven't been discovered yet, such as the Fishing Artifact appearance The Broken Hook and more.
    • By Stan

      In addition to pets coming with the Deadmines Pet Battle Dungeon, the latest 7.2.5 PTR build added two pets that drop from the Time-Lost Wallet inside the Deaths of Chromie Scenario and our friends over at WarcraftPets seem to have discovered a new fairie dragon pet possibly from Argus.
      Ageless Bronze Drake (Ageless Bronze Drake)
      The pet is a miniature version of the Reins of the Bronze Drake mount and has a unique Rewind Time ability "This particular drake has oddly retained its age throughout its travels, but its size has certainly changed."
      Bronze Proto-Whelp (Bronze Proto-Whelp)
      The pet's a miniature version of the Reins of the Time-Lost Proto-Drake (Storm Peaks) mount and comes with the an ability to bend time "The Bronze Proto-Whelps have been discovered only in the most peculiar of timelines."
      Sun Darter Hatchling - Faerie Dragon Pet
      Quintessence from WarcraftPets suggests this pet may be from Argus as noted by its description. If you try to paste the item in-game (Patch 7.2), it seems to coincide with a mount tagged named as "REUSE", however 7.2.5 Mount Journal lists the pet and so does the in-game tooltip.

      Sun Darter Hatchling drops from Oddly-Colored Egg (Source N/A) "This unique species of faerie dragon is not usually found on Azeroth."
    • By Stan

      Nether Disruptor is again up in both regions and with Seal Your Fate, you can get a free Seal of Broken Fate each day the Nether Disruptor is active.
      The good news is that these bonus seals go beyong the normal 3 limit. All you need to do is accept the quest Fate Sealed from Maggie "Slither" Masterson (coords: 41.19 // 64.46).
      World Boss Apocron

      The permanent Nether Disruptor perk (Epic Hunter) always unlocks a Broken Shore World Boss that drops item level 900 loot and this time, it's Apocron. Below is the loot he drops.
      Apocron's Energy Core Ashen Worldscorcher Gloves Band of Dark Millennia Charged Felfire Casing Doom-Herald's Footpads Harness of Devouring Flame Reaver's Rattling Girdle Spaulders of Forgotten Worlds