I am a verified roblox creator, and I have a strong password and 2 factor verification on my phone. I checked to see where this robux had went… and theres a BUNCH of randomly bought gamepasses, shirts, you name it. These purchases are made every few minutes and have lasted a day, costing over 150k robux.
Sign out from other sessions in https://www.roblox.com/my/account#!/security and check for malicious plugins.
To get your robux back, contact roblox support. I guess it should at least listen to verified creators…
Most likely your cookies have been grabbed. If you have 2 Step recieved no code nothing. It is most likely that. Change your password and logout all sessions to change the cookies.
If someone is on your account you should immediately log all devices off your account, if you have recently downloaded a malicious virus or clicked on a malicious website this can also harm your device by installing malware onto your pc, if this is the case download an antivirus and run a quick-test if malicious viruses are found then your antivirus will either automatically remove the viruses or give you a step by step guide on how to remove the virus.
As far as I know, there is no way to get your roblox credentials (cookie) or buy gamepasses with plugin security level. I’d say its the same category as somehow interacting with coregui on localscript level, only if there is a vulnerability.
sadly, I don’t think you can get your Robux back even if you contact support. But i still think you should give it a try. I would be going to your Roblox settings and click " sign out of all sessions". If someone told you to go to Inspect elements and put in or give them something from there. Its most likely because of that. Also, before you sign out of all sessions go to " Where You’re Logged In" and check. Also, I would set up a pin so next time you have to enter your pin to buy stuff or change your settings.
What I found out is that my twitter was also hacked as well as my steam. So this must have been maybe a chrome extension, or my cookies were grabbed (not too sure on how the whole thing works). Maybe even a virus in the background?
What I did was went on all my accounts (discord, roblox, etc) and logged all other devices off. I then changed the passwords on all of them. I also completely reset my pc, reinstalling windows and wiping all previous files in case there was a virus or anything. I believe this has worked as nothing has happened since to any of my accounts. (I hope this stays true.)
I have contacted roblox support, and they have offered me the robux back as long as I send images of all the transactions that occured while my account was compromised. Waiting to hear back now!
I changed my passwords for everything I used, after logging them out of all devices they were listed to be on. I then reset my windows entirely. Would this make the cookies they grabbed now useless, if all my passwords are changed and logged out? as well as all extensions and folders gone.