WeakAuras Gold Scamming in WoW

Ever wondered what it would be like to have someone walk up to you, initiate a trade and then have all your gold disappear? This could happen to you right now!


The first thing I'd like to say before anything else is that this is NOT a slight on the add-on itself. I love WeakAuras, I use it while raiding and it has made raid leading a million times easier. 




It looks like there have been cases on live servers of gold scamming via the use of WeakAuras. For those of you that don't know, WeakAuras essentially allows players to write scripts to run commands that the interface within the game allows. It's mainly used to display certain visual effects for raiding and rotation help, such as displaying buffs and debuffs in a more noticeable fashion.


As stated on the US forums, it seems that certain players have managed to create a script in-game that can control your trade window. They will link a script, often asking for help with it, and as soon as you run it, your trade window will be under automatic control. If anyone comes to trade you, you will automatically trade all of your gold to that character, without clicking anything. You won't even see the trade window pop up.


It seems the author of WeakAuras has come forward, saying that you might not even need to run the script. You might just have to add the script to your WeakAuras and the code will run itself. 


The author has acknowledged these problems publicly and has said he is working hard to fix them, but this is at least something for people to know about until it is fixed. I definitely don't think people should stop using the add-on, it's an amazing creation, but I do think players just need to ensure they trust whoever is sending them scripts.

You can also find the Reddit thread here.


UPDATE: It looks like the problem could actually stem from Blizzard, not the WeakAuras add-on itself. Reddit users thefezhat and Hallgard had this to say:

"In this case someone's found a way to automate trades using the addon API, which absolutely shouldn't be possible - the relevant interface functions should be protected so that only the core game, not addons, can call them. The exploit is Blizzard's fault, Weak Auras is merely the vector for it due to the fact that you can essentially send someone a small addon by sharing an aura."

"This is something that should not be possible through WoW's API. It shouldn't be possible to transfer gold without a dialogue box popping up and manually entering in a number. If it can be automated through a script, then Blizzard needs to prevent scripts from being able to do that."


UPDATE 2: Official post on it by Ornyx over on the US forums.


Blizzard Icon Ornyx on WeakAuras


Thanks for the information and patience, everyone. We’ve gotten word that an update to WeakAuras will be going out tonight, and should resolve this issue. Until then, we recommend that you disable this AddOn to avoid this issue entirely.
We have plans in place to rectify this type of situation in the future by adding an extra step of security for all gold transfers.
We would like to reiterate, once again, that while the use of AddOns is permitted, they are not directly supported by us, and, as such, you should always be wary before downloading anything, or, in this case, importing any script.
If you believe you were affected by someone using this method please report it via a ticket to our Customer Service team here: https://us.battle.net/support/en/help/ 
In that ticket, please include the realm and name of your character and specify what happened. Our Customer Service team will be able to investigate the matter and take what actions are deemed appropriate. 
In the future, please avoid discussing and theorizing about possible exploits on the forums. This can lead to more people getting out there and "testing" the exploit, which can lead to more players being affected. If you encounter a possible exploit, please report it to our hacks team as soon as possible: http://us.blizzard.com/en-us/submit/hacks.html

    • By Staff
      This week's War Within Alpha build has revealed the KSM Mount for War Within Season 1. Say hi to Diamond Mechsuit!
      We have some screenshots of the new mount model. Check them out below!

    • By Staff
      Blizzard has implemented the datamined Khaz Algar loading screen this week on the War Within Alpha. Check it out!
      On May 14, Blizzard added the Khaz Algar loading screen to the game files. It depicts Alleria, Thrall, and Anduin fending off against Nerubians.

      This week, Blizzard has finally implemented the new loading screen and here is what it looks like in the game!

      Do you like it? Let us know in the comments down below!
    • By Staff
      Remember the new zone with a crystal stuck in its ceiling? Hallowfall got a brand new map this week!
      Blizzard has added a map for Hallowfall, one of the new Khaz Algar zones coming in Patch 11.0. This is the first zone on the Alpha that had its placeholder map replaced. 

      Khaz Algar has not been added to the world map yet.
    • By Staff
      The Druid of the Claw Hero tree is in focus this week, with defensive values specifically targeted so Guardian benefits a little more. Feral and Restoration also get changes, with Resto getting changes to Tranquility's effectiveness for fewer targets. 
      Druid (Source)
      This week is mostly a suite of effect tuning for Druid of the Claw. Several Druid of the Claw bonuses provided uneven value to different abilities or specs, and we’ve adjusted the bonuses granted to various abilities to give them more comparable value.
      We also adjusted the defensive value that the tree gives Feral and Guardian Druids. Tank specs should generally get more defensive value than DPS specs from their shared trees so that the tree doesn’t become a lock-in choice for DPS players in hard content, and Feral Druids of the Claw were getting a lot of defensive value.
      Our intention for the Empowered Shapeshifting / Wildpower Surge node is for it to offer mostly defensive value for Feral and a mix of offensive and defensive power for Guardian, with a passive and more active shapeshifting option. Wildpower Surge should offer meaningful damage for Guardians who use it regularly (as well as granting them the defensive bonuses of effects like Ursine Vigor and Wildshape Mastery). We don’t intend for Wildshape Mastery’s damage bonus for Feral Druids to be so strong that they use it every time it’s available, as that’s a significant complexity increase to their rotation. Instead, it’s intended to ease the damage cost of entering Bear Form as a defensive.
      Thank you for continued testing and feedback!
      And here are all the exact changes from the development notes:
      Tuning (Source)
      Druid of the Claw Ravage and Dreadful Wound damage increased by 10%. Dreadful Wound now reduces damage dealt to you by 4% for Feral and 10% for Guardian. Feral’s Aggravate Wounds now triggers from any ability that costs Energy. Empowered Shapeshifting increases the damage of Mangle by 10% (was 5%) and the damage of Swipe and Shred by 3% (was 5%). Strike for the Heart now increases ability critical strike chance and critical strike damage by 6% (was 8%). Strike for the Heart now causes Mangle to heal Guardian Druids for 1% of their maximum health. Feral’s Wildpower Surge now increases damage of your next Swipe by 50% (was 100%) or your next Mangle by 200% (was 100%). Guardian’s Wildpower Surge now increases the damage of your next Ferocious Bite or Rip by 100% (was 50%). Wildshape Mastery’s retention of Bear Form stats in Cat Form also retains Bear Form’s resistance to being critically struck or parried. Feral Primal Wrath range increased to 10 yards (was 8). Added a connector between Primal Wrath and Pouncing Strikes in the talent tree. Rampant Ferocity’s damage increased by up to 50% when the player spends extra Energy on Ferocious Bite. Thrashing Claws now requires players to know Thrash in order to apply the bleed from Thrash. Restoration Developer’s note: We are making some changes to raid healing cooldowns in The War Within to increase their effectiveness in content with less than 20 players. Our goal is to make these spells feel powerful in all forms of content, particularly smaller dungeon, PvP, or raid groups. The healing of these cooldowns will remain equal when healing 20 injured allies as they previously did and only take into account injured allies as contributing to their splash cap. This will be a slight reduction in effectiveness when healing more than 20 players, but this tradeoff has seemed reasonable to us as the availability and strength goes up as group sizes increase. Tranquility initial healing increased by 400%. Tranquility’s initial heal now decreases its healing beyond 5 targets. Tranquility’s heal over time effect is no longer increased while out of a raid environment.
    • By Staff
      This week on the War Within Alpha, Blizzard focused on updating the structure and pathing for both the Affliction and Destruction specialization trees.
      Greetings Warlocks.
      In today’s new build, we’re focusing on the Affliction and Destruction specialization trees. We’ve changed the structure and pathing of both trees and would like to provide context for some of the other changes you’ll see in this build.
      We’ve moved Darkglare upwards in the tree to make it much easier to get. We’ve shifted talents to the third section and added new talents to increase how many options are available. We’re evaluating how many two-point nodes are available and are looking to revise in a future build.
      We’ve also looked at Haunt and increased the amount of damage it does baseline to make it feel more impactful upon cast. We’ve introduced Improved Haunt as well, which is a new talent that further expands upon Haunt. Lastly, we’ve moved Haunt to the second section of the tree to make it easier to pick given how much it adds to Affliction’s single-target toolkit.
      We’re trying something new and moving Dimensional Rift, a powerful tool that gives Destruction warlocks a bit more mobility, to the center of the tree and returning Infernal to the bottom section. Infernal serves as a powerful cooldown that leveling warlocks can look forward to unlocking, but during playtesting it felt that Dimensional Rift served as a much more impactful tool.
      We’ve trimmed the number of talents available and moved around so that the second and third sections feel a bit closer in terms of the number of talents available.
      We appreciate the feedback and will continue to watch for discussions as they happen.
      Here are the latest Warlock changes taken from this week's dev notes:
      WARLOCK Hellcaller Wither damage dealt over time reduced by 30%. Wither application damage reduced by 80%. Affliction New Talent: Improved Haunt – Increases the damage of Haunt by 35% and reduces its cast time by 25%. Haunt now applies Shadow Embrace. New Talent: Malign Omen – Casting Soul Rot grants 3 applications of Malign Omen. Your next Malefic Rapture deals 20% increased damage and extends the duration of your damage over time effects and Haunt by 2 seconds. New Talent: Malefic Touch – Malefic Rapture deals an additional Shadowflame damage to each target it affects. New Talent: Infirmity – The stack count of Agony is increased by 4 when applied by Vile Taint. Enemies damaged by Phantom Singularity take 10% increased damage from you for its duration. Haunted Soul has been removed. Haunt damage increased by 230%. This change does not affect PvP. Cull the Weak has been moved to gate 2. Summon Darkglare has been moved to gate 2. Malevolent Visionary has been moved to gate 2. Haunt has been moved to gate 2. Shadow Embrace has been moved to gate 2. Empowered Unstable Affliction has been moved to gate 3. Relinquished has been moved to gate 3. The following talents are now 1 point: Empowered Unstable Affliction The following talents are now 2 points: Withering Bolt Destruction Reverse Entropy and Internal Combustion have been moved to gate 2. Explosive Potential has been moved to gate 2. Scalding Flames has been moved to gate 1. Dimensional Rift has been moved to gate 2. Dimension Ripper has been moved to gate 2. Infernal has been moved to gate 3. Crashing Chaos has been moved to gate 3. Infernal Brand has been moved to gate 3. Rain of Chaos has been moved to gate 3. The following talents have been removed: Flame Rift Lessons of Space-Time Unstable Rifts
  • Create New...