Malicious code is able to show UI over the purchase prompt, and trick users into purchasing items

If only Roblox would do something about this instead of endangering their developers and players :thinking:

3 Likes

IMO this justifies a R0BL0XCRITICAL post for immediate attention and rectification from whoever’s responsible.

People manipulate the young Roblox audience into believing this is a legitimate Roblox captcha, which is recognisably similar and commonly seen throughout the Roblox website, to capitalise on a Roblox vulnerability that allows UI to overlap CoreGUI elements like a prompt.

This threat needs to be secured ASAP before it becomes a commonplace technique to extort Robux from users.

12 Likes

Yeah, we need to make sure Roblox also knows that the owner is not in the owner slot and is instead a rank below owner.

2 Likes

This is a problem. One of my friends on Discord claimed that this could grab your ROBLOX account password and IP. Is this true or not? Guessing it can’t do either.

4 Likes

No, not unless you put it in yourself. There’s no way to grab another person’s IP or personal info through this.

4 Likes

Just so it’s public knowledge, roblox-critical does not do anything anymore. Please do not suggest its use because it is just noise, it’s just a token gesture to make people feel better. Roblox knows already, so this is not useful.

6 Likes

I doubt this is true. Passwords are usually hashed when kept in databases, so whoever is behind it would have a hard time deciphering them and logging into your account. Anyways, it’s most likely false that they can get your account credentials and IP from you clicking that GUI. It might give them your client’s IP, but that’s nothing to worry about.

2 Likes

A user that appears to be behind this scam (they have the group that is selling a shirt that scammed users) has items that cost robux on their account, leading me to believe that the people who orchestrated this compromised that user and probably others too.

2 Likes

This can’t be good. I can foresee this getting worse in the future if nobody does anything about it.

3 Likes

Thanks for the report! We’ve filed a ticket to our internal database and we’ll follow up when we have an update for you.

43 Likes

Thank you so much, whatever this person did is terrifying. Please do all of your best to get to the bottom of this!

I’m theorizing that they had some way to make the core gui invisible, but this is on a whole other level that I’ve never seen before.

2 Likes

I’m pretty sure they layered a ton of other UIs on top of the core GUI so it unloaded; I’m not 100% sure though.

3 Likes

A very similar problem has existed for a long time where you can trick someone into clicking a gui repeatedly then in the same space a purchase prompt appears when they aren’t expecting, causing them to accidentally make a purchase. I don’t think that issue is fixed either.

5 Likes

That’s not really a fixable issue, just people taking advantage of people who don’t know about that.

3 Likes

Yeah, it’s most likely that they put game UIs above the core UIs, which is why the captcha is where you would normally hit the buy now button on a gamepass. It’s possible they edited the core UI to be invisible, but unlikely.

The scam genuinely looks so real, and if you’re new to Verify Roblox and Discord, this could bring you a lot of trouble, but I’d rather lose all my Robux than get terminated.
If I were in this position, I would reset my password and add a PIN to my account immediately. Who knows? They can hack our game, they can probably hack our account. It’s not special that hackers are getting smarter and smarter with time, just like us.

What a scary scam. This could be targeted at multiple people and literally empty their Robux. Thank you Roblox admins for looking into this.

How would one do this? game:GetService("NonReplicatedCSGDictionaryService") fails even on the command bar

Go to Studio Settings → Studio and then enable “Show Hidden Objects in Explorer”

3 Likes

I simply have transferred all robux from my account, and taken it to my group funds. What games does this happen on?