Scam Exploit ! (help on how to resolve?)

Would you mind telling us what plugins you used? I think @SSSpencer413 is right about it being a plugin.

We havent inserted any models and if we insert models we always check them on a seperate empty baseplate first to make sure so I’m doubting its that. It’s probably going to be a plugin but we both havent changed plugins in a long time and it only started happening suddenly so thats why we’re confused aswell. If it was a backdoor why wouldnt it be happening on all the servers for the exploiter to gain maximum profits is another thing I just find strange.

Only code we have from the library is adonis but gonna need a bit more time to go over that and a bezier module which we checked and was fine

image594×1291 104 KB

This is a list of what I have, we have a slight suspicion it might be the datastore one but I’ve had this for a while and never had this problem before, already deleted it now though, so far found nothing in the code yet but we’re still looking.

It might be the DataStore Editor plugin since the official one was created by sleitnick. (Post)

The datastore editor is a little bit sketchy because:

1. Like @HugeCoolboy2007 said, the original one was created by another user
2. The item is not on sale
3. The YouTube video linked in its description is private
4. The “logo” of the datastore plugin that you are using is a regular cylinder part in studio

In addition my plugin list and of my team is.

• Archimedes Two (2.4) by Scriptos.
• Assets Watcher by Med studio.
• Brick Cutter by ozzyping.
• Buildings Tools by F3X by Gigs D4X
• Bézier Paths by sleitnick
• Load Character Lite by AlreadyPro
• Model Resize Plugin 2.1 by DaMrNelson
• Obfuscate by Defaultio
• Stravant - GapFiil & Extude by Stravant
• Stravant - Model Reflect ‘’
• ThreeDText 2 by XAXA.

My Other developers.

2nd One.

• Atmos
• Resize
• F3X
• ThreeDText2
• Rope master
• Gapfill
• Load Character

Third one.

image722×431 114 KB

image827×252 76.8 KB

Yeah, it probably was but I checked @Srap_y plugins who said he also encountered the issue and he didn’t have it

We’d just like to find the code in scripts to make sure its gone but thanks to all of you for helping us out so far, appreciate it

Maybe you could try following this guide, using method 2: How to inspect the source of plugins

Then you can inspect the source code of the plugin and see if/how they are inserting the exploit into your game, which would make it easier to track down

Ctr Shift F with various scripts didn’t appear to have returned anything. Which means it’s not embedded inside of the game but could be inside of nil or GC’d, Most likely going to be put down to a malicious plugin.

Go to each of these plugins and click the author. Look at their account. Check out recent uploads and whatnot. If it looks sketchy at all. Temporarily disable it.

If all goes south and its really not looking good. Create a 2nd Studioo-Game that you will have for not-built or released updates. And on this studio start adding your devs and manually seeing what each developer is doing. So as a developer joins, You can publish and test. Hence singling out the dev with the exploit.

After this go through his plugins. Cached scripts. Various self-plugins (Within the plugin folder. Some may not display but hide in the background.)

If you downloaded this cool tool called “BTR Roblox” you will be able to read the source code of that plugin online without any issues. Meaning you can inspect to see if its requiring or if anything is shady.

For example:

image1870×947 154 KB

Odd, because a new topic was posted not too long ago which may be related to this one:
https://devforum.roblox.com/t/is-this-normal/1153311

Yup, some guy had the same problem. This is quite an issue.
https://devforum.roblox.com/t/is-this-normal

True, they both have a gray background, white text, and a blue button that has the word “continue” on it with rounded corners. It could possibly be related.

Sharing screenshots of the stuff that was posted in the game at the moment of joining.

image845×431 37.5 KB

image766×431 24.6 KB

image835×431 90.6 KB

If you are absolutely sure that this is not a backdoor, you may want to contact @Exploit_Reports.

From the looks of it being widespread and that people buy the shirt without comfirmation, this looks like a Roblox bug.

Is this thing that is popping up in games instantly buying something? Does it pop up with the purchase thing?

I found out what happened if you press continue:

image1028×105 14.1 KB

It is happening in many games, so it is a widespread issue. I also got that picture from the comment section of the item it is making everyone buy.

We’re not sure, it could just be a backdoor. It is very late though for me so I will have continue looking through the code tommorow, we have disabled third party purchases so hopefully people havent been getting it anymore.

I’m leaning towards this being an exploit rather than a backdoor as you said this is only occurring within some game servers and it would seem that quite a few people are having the same issue. Though, it’s still possible this could be the result of a malicious plugin, but I haven’t seen plugin lists from other users to confirm similar plugins amongst afflicted developers.

Here’s an update based on the information I was provided:

Someone, somehow, managed to edit the Roblox CoreScripts. So yes, this means that almost every game is going to encounter this issue. Countless amounts of people have been robbed of their Robux because of it. One individual in particular lost somewhere around 100k-500k Robux.

So no, this isn’t your fault, it’s a widespread issue.

Not to be annoying but is this information from a credible source?
I’d think if it was this widespread there would be more news from top games to be honest.