Players Apparently Tricked Support Into Duping Items

Duping items is probably one of the worst nightmares of developers. Bugs can be annoying to game-breaking, but nothing is as threatening to a game and its economy than players being able to literally create items or currency out of thin air. Caturday was such an example and the Astral Resonator exploit as well.

[blog_subscription_form]

Although the above is not strictly “duping”, there have also always been rumblings about legitimate methods to duplicate items. Players allegedly figured out ways to create and exploit artificial lag, or mail items from the preview to the live server by manipulating game files. More recently, we could verify duping within the Cradle of the Death God trial and now got pitched a report that could hint at something that could be classified as “social duping”.

Support Exchange Hints at Social Duping

We got approached a couple days ago with an exchange that shows support restoring a deleted character. It’s a multi-step process in which the staffer first reinstates the deleted character in question and then additionally rolls it back by 24 hours because of missing gear. What looks like a normal day in the office is actually a deceitful way of duping items.

Because what support doesn’t know (and apparently neither cares to check) is that the character held a full inventory of high-rank enchants for a short period of time. The player would then move the items to a different account, delete the character, and request a restoration. Here’s the full process of the trickery:

  1. Pick a level 70 character that you don’t mind being deleted.
  2. Fill the inventory with enchants or other items of high value.
  3. Wait for at least 24 hours and then send the items to another account.
  4. Delete some random gear or artifacts and wait another couple hours.
  5. Delete the character and contact support about how an important char of yours got accidentally deleted. It’s important to not take responsibility yourself, blame it on a third party or whatever.
  6. Support will restore the toon.
  7. Complain about missing gear and that you’re absolutely not able to play the character in its current state.
  8. Support rolls back the character 24 hours.
  9. Your full inventory is back and all items are now duplicated because you’ve sent them to a second account in step 3).

Decking out Multiple Toons with High-Level Items

[sc name=”discord”]

This obviously raises some serious questions. Apparently support never checked the character that they were about to restore. Otherwise they might have figured that a random alt full of high-end items isn’t the norm. Further looking into the toon’s activity and transactions then of course would have revealed that the inventory was fully moved to a different account before deletion. That’s probably suspicious enough to halt the process, especially given the player pressing hard for a 24-hour rollback. It’s also interesting that nobody noticed an influx of restoration requests that all followed a very similar script.

For the deceiver in the meantime, there was little risk other than losing a random toon. Even if support refused to restore the character, your items were save. According to our information the first attempts of tricking support started as early as 2017 and heavy exploiting continued for roughly half a year. There might however still be players out there that try to use this method.

Most were careful enough to not do this extensively and raise suspicions. If pulled off correctly, one try was enough to deck out multiple toons with high-level enchantments anyway. So it’s not like you had to repeat it that often unless you were getting greedy.

Clueless Support, No Security Checks

It might sound too crazy to be true, but on the other hand the approach makes way too much sense. And as mentioned we have indeed seen support exchanges that absolutely fit the script. So we do not have much doubt that the presented information isn’t true. It’s a hilarious way to trick support. You almost want to pat the scammers’ on their back for their creativity and boldness. At the same time it’s shocking how naive PWE seems to operate.

It’s probably also a symptom of staffers not necessarily knowing any details about the games they support. This is often by design to avoid bias, but in this particular case it came back to bite them hard. To a lesser extent it additionally shows the lack of automated security checks within the game. If anyone tries to restore an item that’s technically still in the game, you might assume that some algorithm would prevent that or at least trigger some manual verification. But apparently nobody thought about it or didn’t feel like it could be necessary. This incident however should give Perfect World more than enough reason to question and improve their processes and routines. The deceit obviously was only possible due to severe oversights and a general lack of diligence.

The Full Extent Is Unknown

The full extent is unknown to us. It could be something that only a small group of players did, but also have spread beyond what we know so far. It’s safe to assume however that selected (groups of) players did this more than once and amassed high-end items by playing support rather than the game. We are very fortunate that this leaked by the way. Such major exploits are normally kept within a small circle to limit the risk of disclosure. The most severe things are those that you do not know of.

Although this should go without saying: Now that the method is out in the open, please don’t be stupid enough to try it. Your account will most definitely get locked.


What’s your take on the scam? Did you hear rumors about it or even know somebody who successfully pulled it off? Share your thoughts and experience on our social channels, in the comments below, or visit our message board!

Neverwinter UN:Blogged is always looking for writers to contribute to the blog. If you are an active player and search for a way to spread your opinions, analysis, diaries or reviews to more than 75,000 regular visitors, then don’t hesitate and get in touch with us on our contact page or message board! We are currently especially looking for console and PVP content, but that’s not exclusive. There is no frequency requirement, you post how often you want.

NWO_Unblogged

We are always looking for people that contribute to this blog. For more information contact us via blog@nwo-uncensored.com or check the forum.

5 thoughts on “Players Apparently Tricked Support Into Duping Items

  • December 6, 2018 at 3:41 pm
    Permalink

    and this is why they can be dbags in legitimate support situations. They have to come into each situation with a bit of skepticism. To the legit requester its the support being dbags, to support they have their guard up anticipating a scam that could get them in trouble.

  • December 6, 2018 at 4:11 pm
    Permalink

    This is appalling. I was initially quite horrified. I don’t feel like patting any scammer on the back. I want them banned from all internet games.

    My First Thoughts
    Unblogged should not have made this public. People who have legitimately grinded for 5 years to have multiple mains with rank 12s could now have all sorts of problems with genuine support tickets. But at least this looks like it will be met with more stringent checks now.

    My Second Thoughts
    What kind of idiots dealt with this ticket? They didn’t check back several days before the “loss” occurred? And how can “someone else” delete your character? We have to type the name in, and we are not allowed to let other people play on our accounts. Such a “loss” involves breach of ToS etc. Even being hacked could involve lack of security, antivirus and anti-keyloggers on our part. Then I recall when some high level enchants had genuinely vanished on unslotting, they checked very thoroughly, but they did offer to roll back my account, and I declined as I was not sure what that would do, EG with lock boxes, dungeon drops, boons etc. They replaced the two or three enchants I had lost.

    My Final thoughts
    Nah, I read it again, and this is just another old scam most people never knew about until after PWE/Cryptic had quashed it. I wonder how many of the Chult Ghunt Perma-Banned might really have been banned for this sort of thing?

    Well done, Unblogged. Now this is public, only an idiot will try it. And Support will check their accounts for weeks before the fake support ticket is filed.

    🙂

    • December 6, 2018 at 9:47 pm
      Permalink

      Ah the good old social engineering scams ironically it’s the exact same method you can use to steal whole Identities using this methods and that craft/skill set

  • December 8, 2018 at 2:45 am
    Permalink

    This should get way bigger ban than huntgate.

  • December 9, 2018 at 6:39 pm
    Permalink

    Audit already in the requests of supports that involve exclusion and recreation of Toons and ban in those that executed such an evil act for the game.

Comments are closed.