A new report on Roblox reveals how hackers and scammers are continuing to rip off kids

Roblox
(Image credit: Roblox Corporation)

In December 2021, the YouTube channel People Make Games shared new allegations claiming that the game and game-creation platform Roblox is unsafe for kids—its primary audience. For anyone not tuned into the Roblox scene, it was eye-opening: Literal children being swindled out of sometimes large amounts of money and work, a situation that Roblox appeared either unwilling or unable to address.

A new Vice report digs deeper into how it all happens: How "beamers," as they're called in the Roblox community, are able to hack into Roblox accounts, strip them of valuable items, and then sell them on black markets. Phishing is a big problem, obviously, as beamers use generators to automatically create legitimate-looking pages targeting specific users or items, commonly shared with Roblox users via Discord. But there are more sophisticated schemes in play too. 

One common ploy is to offer to create a new avatar for the intended target or claim they're looking for paid help to develop a game, the goal being to gain access to the victim's .HAR file, and more importantly the login token it contains. A Google Chrome extension enables those tokens to be manipulated in order to gain access to targeted accounts; .HAR files contains a warning that explicitly states the risk of sharing it, but it often goes overlooked or ignored.

Beamers have also been able to gain control of targeted accounts by using fake Paypal screenshots to convince Roblox support that they're the proper owners, similar to the takeovers of "high-profile" FIFA accounts by hackers in January. One player told Vice he believes his account was compromised via "SIM swapping," in which the victim's mobile carrier is tricked into sending texts and calls to a SIM card controlled by a hacker, enabling them to bypass 2FA protection or even change a user's password.

Once a victim's Roblox items are taken, they're typically offloaded on one of many unauthorized Roblox marketplaces, for sometimes breathtaking prices: YR, the co-founder of the Adurite marketplace said the biggest sale on the site in 2021 was a Midnight Blue Sparkle Time Fedora, which sold for $13,605.

YR acknowledged that the sale of stolen items through unofficial markets is a problem, but said that—much like Roblox itself—there's not much they can do to stop it. "As we are a public and easily accessible marketplace to sell on, it's surely possible that these ‘beamers’ attempt to sell items on Adurite as they would try to on any other sort of marketplace," they said. "Although we try our best to filter out these items, it's very difficult to detect/filter these items."

Roblox does offer a "rollback" option for item trades, but it's limited to one per account. It also "aggressively deters moving activity off Roblox because we cannot control activity on other applications," a rep told Vice, and offers 2FA and other features to help protect accounts.

"“We’ve spent over a decade building a stringent safety and security system and policies that we are proud of and that we are continuously evolving as our community grows," the rep said. "The Roblox InfoSec team, in particular, actively mines various sources for threat intelligence, monitoring for malicious activity and taking appropriate action."

Clearly, it's not enough: The digital frontier is a risky place for everyone, but it's not reasonable to expect children to effectively navigate those risks unaided and unprotected, especially when the amounts of money involved are bound to continue to attract predators.

TOPICS
Andy Chalk
US News Lead

Andy has been gaming on PCs from the very beginning, starting as a youngster with text adventures and primitive action games on a cassette-based TRS80. From there he graduated to the glory days of Sierra Online adventures and Microprose sims, ran a local BBS, learned how to build PCs, and developed a longstanding love of RPGs, immersive sims, and shooters. He began writing videogame news in 2007 for The Escapist and somehow managed to avoid getting fired until 2014, when he joined the storied ranks of PC Gamer. He covers all aspects of the industry, from new game announcements and patch notes to legal disputes, Twitch beefs, esports, and Henry Cavill. Lots of Henry Cavill.

Read more
Roblox CEO David Baszucki.
'Don't let your kids be on Roblox', Roblox CEO tells parents, before comparing himself to Walt Disney and declaring the platform 'the future of communication'
Mister Fantastic giving a thumbs up
A Marvel Rivals player has uncovered 'one of the most dangerous vulnerabilities a game can have' that'll let cheaters take over your PC and find your passwords
The Backrooms 1998 screenshot
'A big scam company just stole my whole game': A Backrooms indie dev has been forced to seek legal help after someone took their game off Steam and uploaded it to the Nintendo Store
Steam logo
A web3 free-to-play survival game found to be a front for installing malware on your PC has finally been removed from Steam
Fuzzy children's show character with blue fur but rendered monstrous with void eyes and rows of shark teeth
Creator of horror game Poppy Playtime sues Google for refusing to remove 'bait-and-switch scam' apps that pretend to be the real thing then charge users up to $95 for literally nothing
Path of Exile 2 early access class key art
Around 66 accounts in Path of Exile 2 were compromised, due to a one-two punch of an old unused Steam account and a backend bug
Latest in Platforms
Screenshot of Children of Clay showing a mysterious clay model
Five new Steam games you probably missed (March 10, 2025)
discord
Brace yourself for Discord to get worse: Reports swirl that the company is in talks with bankers about opening itself up to shareholders
The Spy from Team Fortress 2 holds up a folder with an accusatory expression.
Steam users react ecstatically to update that lets them access their heaving game notes via the web, also it fixes Monster Hunter Wilds video recording
HasanAbi
Twitch streamer Hasan Piker suspended after saying Republicans would 'kill Rick Scott' if they really cared about Medicare fraud
Screenshot from Faceminer showing a PC desktop with several windows open
Five new Steam games you probably missed (March 3, 2025)
PORTSMOUTH, UNITED KINGDOM - OCTOBER 20: A man smokes a cigarette while he looks at a smart phone screen on October 20, 2024 in Portsmouth, England. (Photo by Matt Cardy/Getty Images)
Meta says sorry for turning Instagram into a horror show of violence, gore, dead bodies, and other graphic content that 'should not have been recommended'
Latest in News
Man facing camera
The Day Before studio reportedly sues Russian website for calling infamous disaster-game a 'scam'
Will Poulter holding a CD ROM
'What are most games about? Killing': Black Mirror Season 7 includes a follow-up to 2018 interactive film Bandersnatch
Casper Van Dien in Starship Troopers
Sony, which is making a Helldivers 2 movie, is also making a new Starship Troopers movie, but it's not based on the Starship Troopers movie we already have
Assassin's Creed meets PUBG
Ubisoft is reportedly talking to Tencent about creating a new business entity to manage Assassin's Creed and other big games
Resident Evil Village - Lady Dimitrescu
'It really truly changed my life in every possible way': Lady Dimitrescu actor says her Resident Evil Village role was just as transformative for her as it was for roughly half the internet in 2021
Storm trooper hero
Another live service shooter is getting shut down, this time before it even launched on Steam