Exploiters are now bypassing my UserOwnsGamepass check and using a hookfunction to return it as true

1. What do you want to achieve? How can I prevent this from being called from a hook function.

2. What is the issue? Exploiters now get the tool for free.

3. What solutions have you tried so far? I tried looking at some other post.

and they get the boombox.

hookfunction(game:GetService("MarketplaceService").UserOwnsGamePassAsync, newcclosure(function()
     return true
end))

Above is the exploiters code that returns the value as true

This will only return true on the client. To make it secure, check on the server. If it’s a local item, you can’t really prevent it (as anything local on the client can be modified by an exploiter).