Is there anything in particular you’d like to understand further to change your system to fix this?
So far everyone has been pretty on point about how you’d want to protect that. As I was saying earlier, the best way to prevent this is to move the way you’re doing this to the server. And if it will take a while to do, trust me, it’s worth it in the end.
EDIT: In fact, I had a similar problem I found out about recently - except our game isn’t released yet. I found myself using remote events to send to the server like you are. For the past few weeks I’ve been migrating the system to the server, and have been able to take this opportunity to add required functionality into it and make it better.
use the console in studio to set the datastore to nil.
also yes, if that math.random(8,18) line conveys the amount of money/logs/whatever they should be getting, then they can use an exploit like synapse to replace that value with any number. if the server doesn’t check what the client is sending it then they would be unstoppable.
I would like to point out that if you have fixed the issue, you should not just wipe this one person’s data. Instead you should add some code to the area where you get the datastore and check coin counts for every player. if anyone has an unreasonable amount of coins, flag them or wipe data if you are feeling relentless.