Blainie

WeakAuras Gold Scamming in WoW

Sign in to follow this  

1 post in this topic

15452-weakauras-gold-scamming-in-wow.jpg

Ever wondered what it would be like to have someone walk up to you, initiate a trade and then have all your gold disappear? This could happen to you right now!

 

The first thing I'd like to say before anything else is that this is NOT a slight on the add-on itself. I love WeakAuras, I use it while raiding and it has made raid leading a million times easier. 

 

However.

 

It looks like there have been cases on live servers of gold scamming via the use of WeakAuras. For those of you that don't know, WeakAuras essentially allows players to write scripts to run commands that the interface within the game allows. It's mainly used to display certain visual effects for raiding and rotation help, such as displaying buffs and debuffs in a more noticeable fashion.

 

As stated on the US forums, it seems that certain players have managed to create a script in-game that can control your trade window. They will link a script, often asking for help with it, and as soon as you run it, your trade window will be under automatic control. If anyone comes to trade you, you will automatically trade all of your gold to that character, without clicking anything. You won't even see the trade window pop up.

 

It seems the author of WeakAuras has come forward, saying that you might not even need to run the script. You might just have to add the script to your WeakAuras and the code will run itself. 

 

The author has acknowledged these problems publicly and has said he is working hard to fix them, but this is at least something for people to know about until it is fixed. I definitely don't think people should stop using the add-on, it's an amazing creation, but I do think players just need to ensure they trust whoever is sending them scripts.
 

You can also find the Reddit thread here.

 

UPDATE: It looks like the problem could actually stem from Blizzard, not the WeakAuras add-on itself. Reddit users thefezhat and Hallgard had this to say:

"In this case someone's found a way to automate trades using the addon API, which absolutely shouldn't be possible - the relevant interface functions should be protected so that only the core game, not addons, can call them. The exploit is Blizzard's fault, Weak Auras is merely the vector for it due to the fact that you can essentially send someone a small addon by sharing an aura."

"This is something that should not be possible through WoW's API. It shouldn't be possible to transfer gold without a dialogue box popping up and manually entering in a number. If it can be automated through a script, then Blizzard needs to prevent scripts from being able to do that."

 

UPDATE 2: Official post on it by Ornyx over on the US forums.

 

Blizzard Icon Ornyx on WeakAuras

 

Thanks for the information and patience, everyone. We’ve gotten word that an update to WeakAuras will be going out tonight, and should resolve this issue. Until then, we recommend that you disable this AddOn to avoid this issue entirely.
 
We have plans in place to rectify this type of situation in the future by adding an extra step of security for all gold transfers.
 
---
 
We would like to reiterate, once again, that while the use of AddOns is permitted, they are not directly supported by us, and, as such, you should always be wary before downloading anything, or, in this case, importing any script.
 
If you believe you were affected by someone using this method please report it via a ticket to our Customer Service team here: https://us.battle.net/support/en/help/ 
 
In that ticket, please include the realm and name of your character and specify what happened. Our Customer Service team will be able to investigate the matter and take what actions are deemed appropriate. 
 
In the future, please avoid discussing and theorizing about possible exploits on the forums. This can lead to more people getting out there and "testing" the exploit, which can lead to more players being affected. If you encounter a possible exploit, please report it to our hacks team as soon as possible: http://us.blizzard.com/en-us/submit/hacks.html
 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Starym
      No more Battle Chests or purchasing previous expansions, all you need is an active subscription!
      Well, no one has to to buy base WoW anymore, ever! Everything you need to do to play up until the upcoming expansion, Battle for Azeroth, is an active subscription. No more battle chests and individual purchases, just pay that monthly fee and access the entire game as it is at the moment, with nothing missing until August 14th, when you'll have to buy BfA for the new content. Additional digital deluxe items from each expansion are available at the Blizzard shop individually, but it's now easier than ever to jump into the game and just start playing.
      Recruit a Friend has also been updated:

       
      Source: r/wow.
    • By Stan
      We found a cutscene with Vol'jin that presumably takes place after players defeat Blood God G'huun in Battle for Azeroth or at the end of the Zandalar Forever Scenario. This article contains spoilers.
      Now, remember this is an Old God expansion and we can't be exactly sure if it's really the good old Vol'jin or some sort of illusion that we're dealing with here.
      In the cutscene, Spirit of Vol'jin tells Princess Talanji to become the leader of her people and show them some sort of blade that was possibly used to kill G'huun. It's interesting to see that King Rastakhan does not appear here, suggesting he might be dead and it might be the right time for Princess Talanji to take over. The cutscene is a throwback to to the Black Panther movie. Credit to LeystTV for the video.
      Transcript
      Spirit of Vol'jin: Show dem, leader of Zandalar. Show da blade to those dat need to see it da most. Give dem peace. 
      Princess Talanji: Dis was not my achievement.
      Spirit of Vol'jin: Ya brought de champion to dese shores against ya father's will. Ya learned da secrets of G'huun when no one be listenin'.
      Spirit of Vol'jin: Ya set in motion what be needed ta save ya people. Now, more than ever, dey be callin' for a leader dey can love and trust.
      Spirit of Vol'jin: Show dem da blade. Become da symbol dey need.
      Princes Talanji: Behold de blood of G'huun. By his will were borne de deaths of Shadra, Hi'reek, Torga, and ...and Rezan.
      Princess Talanji: By his will were borne de deaths of so many of our brothers and sisters.
      Princess Talanji: Let dis glaive be displayed as a reminder dat no matter how far we fall, no matter how much we lose, we are Zandalari! We adapt, we find a way to survive!
      Princess Talanji: If it were not for dis hero of de Horde, our losses would have been far worse. DIs proves, more than ever, dat it is time for us to adapt, to become part of de world again.
      Princess Talanji: Zandalar forever!
    • By Starym
      The patch is now live on EU, NA and AU servers, after some difficulties with offline realms and connectivity issues, so Blizzard have shared some known issues as well as some additional info on upcoming hotfixes for BoA legendary acquisition via Wakening Essences and the honor/prestige level changes.
      Known Issues (source)
      Hello all,
      Below is a list of known issues for patch 8.0.1. Please note that this list is not a complete depiction of what we're aware of, but a sampling of issues we believe players may encounter more often. We'll try to keep this updated with trending issues when possible.
      General
      Mounts: Gladiator's Proto-Drakes do not display information on how to obtain mounts in journal.
      Sometimes when summoning a player as they change zones, the summon prompt will not appear.
      Stat & Spell Squish Impacts
      There are multiple issues with legacy spells & monsters scaling incorrectly.
      Dungeon and Raid
      Legacy Loot: Many raid creatures no longer drop gold.
      Highmaul: Highmaul bosses are not dropping the appropriate amount of gold when the raid is set to mythic.Dungeon Journal - Baradin Hold: There exists an option to view Baradin Hold in 10/25 man Heroic even though the difficulty does not exist.
      A Lua error may occur if you try viewing the dungeon journal from the bonus roll prompt while outside of the instance.
      Communities/Guilds/Groups/UI
      Communities will reference "Starter Edition" accounts as "Veteran Trial".
      Guild: Inviting players who are currently in your group to a guild may produce an assertion.
      Opening the Character Pane after equipping a newly acquired item on a character may result in a crash.
      Looting the corpse after a boss encounter while in a group may produce an assertion.
      Communities: Blank spaces will appear in Guild rosters if players have not logged in for multiple years.
      Players may be unable to whisper cross realm when selecting whisper from Communities UI.
      Compatibility
      DX12: Intel PSO caching issue with Intel unreleased driver.
      DX12: Crash may occur when game uses more GPU Memory than hardware allows.
      Performance on some GPUs while using DX12 is lower than DX11.
      And here are some previous tweets we already covered, so you're up to date on everything in case you missed it, featuring Allied Race unlock requirements, Brawler's Guild currency conversion and Mythic mounts:
      You can also check out the patch notes here.
    • By Stan
      The worldwide release of the pre-patch has not gone as smoothly as Blizzard would have liked and the Communities feature had to be completely disabled in Europe for now.
      Check out the list of known issues for problems that emerged after launch.
      Blizzard (Source)
      Hi everyone,

      So, as you’ve noticed, today’s patch release has not gone nearly as smoothly as we would have liked. We’re sorry for how this has affected the stability and playability of the game while these issues have been ongoing. This has obviously not been the launch that any of us wanted.

      That said, we want you to know that there are currently several teams of people working hard to get you back in Azeroth and enjoying the Battle for Azeroth Pre-Patch as quickly as possible. We’ll share more details in this thread when we can.

      Thanks for your patience,

      The World of Warcraft Team Blizzard's working on a fix to enable the WoW Communities feature in EU. The in-game and guild chat channels remain are still available for use.
      Blizzard (Source)
      As we work to identify the cause of these issues, we will be temporarily disabling the World of Warcraft Communities feature. The in-game and guild chat channels will still be available for use. The Guild Calendar may also be missing events while we address these concerns.