Slashdot Mirror

← Back to Stories (view on slashdot.org)

For 20 Years, This Man Has Survived Entirely By Hacking Online Games (vice.com)

Posted by msmash on from the to-each-his-own dept.

An anonymous reader writes: A hacker says he turned finding and exploiting flaws in popular MMO video games into a lucrative, full-time job. Manfred's character is standing still in the virtual world of the 2014 sci-fi online multiplayer game WildStar Online. Manfred, the real life person behind the character, is typing commands into a debugger. In a few seconds of what seems to be an extremely easy hack, Manfred's virtual currency skyrockets up to more than 18,000,000,000,000,000,000, or 18 quintillion. I'm watching this hack in a demo video recorded by Manfred as I stand next to him in a Las Vegas bar on Thursday. Manfred, who asked me not to reveal his real name, says he has been hacking several video games for 20 years, making a real-life living by using hacks like the one I just witnessed. His modus operandi has changed slightly from game to game, but, in essence, it consisted of tricking games into giving him items or currency he doesn't have a right to have. He would then sell those items and currency to other players (for real money) or wholesales them to online gray markets, such as the Internet Game Exchange, that then would sell those goods to individual players. At the current exchange rate, Manfred estimates he has $397 trillion worth of WildStar gold. This is obviously an outlandish number, but, essentially, his income was only limited by the real-life market for the in-game currency. When I spoke to Manfred ahead of his talk at the Def Con hacking conference, he said he wanted to go in, give his demo, and go out "as a ghost," never to be seen or heard from again. He said he wanted to be "invisible," just like he's been for the past two decades. He said he's found more than 100 publicly unknown vulnerabilities in more than 20 online video games, making hacking and trading virtual goods into his full time job.

5 of 114 comments (clear)

  1. Dumb to do a talk and interview by mattwarden · · Score: 4, Interesting

    Regardless of the ethics... This guy is risking his entire livelihood by doing a talk and interview. Amazing what people will risk for a little fame.

    1. Re:Dumb to do a talk and interview by barc0001 · · Score: 4, Interesting

      I would speculate he's doing the talk because he's probably already made all the money he thinks he needs and is retiring from it. It's entirely possible that he is also a hypocrite who was troubled that what he was doing was possible, but not troubled enough to stop doing it for his own benefit but now that (speculated) he is comfortable enough to retire he wants to shine a spotlight on the practice to encourage the affected game companies to close off the holes and prevent anyone else from doing what he did.

  2. Re:Mind-numbingly boing by James+Carnley · · Score: 4, Interesting

    Hacking is sort of like solving puzzles. You find the systems, analyze them, and look for loopholes and edge cases. It's mentally challenging and varied. Sure the hacks might follow a few standard techniques after a while but each specific instance is different and carries its own risks.

    I have a software engineering job that I would say is fairly challenging but I also do a whole bunch of grunt work and google pasting solutions for one off things. I wouldn't say my job is vastly better than his except for maybe the retirement plan. But even then if he got lucky he could out earn me quickly for finding a key exploit for a hot new game and milking it for a while.

  3. Re:Poster Child by magarity · · Score: 4, Interesting

    "and that game's internal economy has been completely wrecked by this behavior"

    Why is the central service unaware that the total game bucks in circulation suddenly jumped? The game needs routines that monitor the money supply.

  4. Re:Rule #1: Never Trust The Client by Kaenneth · · Score: 4, Interesting

    Eh, I once played a dial-up days online game where you could bet currency for a 50/50 chance to return 1.8 times the currency.

    You couldn't bet more than you had.

    So I bet -10,000,000,000 and lost.

    Which meant I gained 10,000,000,000 currency.

    Which overflowed the currency counter.

    Which crashed the game instance.

    Which dumped me to a remote command prompt.

    Which allowed me to download the unencrypted user password file.