Gamasutra: The Art & Business of Making Gamesspacer
View All     RSS
October 20, 2018
arrowPress Releases
  • Editor-In-Chief:
    Kris Graft
  • Editor:
    Alex Wawro
  • Contributors:
    Chris Kerr
    Alissa McAloon
    Emma Kidwell
    Bryant Francis
    Katherine Cross
  • Advertising:
    Libby Kruse






If you enjoy reading this site, you might also want to check out these UBM Tech sites:


Credit card thieves reportedly using  Clash of Clans  to launder money

Credit card thieves reportedly using Clash of Clans to launder money

July 18, 2018 | By Emma Kidwell




Credit card thieves are allegedly using the mobile games Clash of Clans, Clash Royale and Marvel Contest of Champions (developed by Supercell and Kabam, respectively) to launder hundreds and thousands of dollars. 

In the case of Clash of Clans and Clash Royale, players can spend real money for premium in-game currency like gold or gems. Players can take this premium currency and buy advantages, but the currency apparently also serves as an easy way to launder money. 

According to a report published by German cybersecurity firm Kromtech, the thieves used 20,000 stolen credit cards to make purchases in Clash of ClansClash Royale, and Marvel Contest of Champions by reselling accounts with those same purchases to third-party marketplaces and receiving money in exchange, with zero attachment to the stolen cards.

This laundering is possible because of the accessibility to automatically create accounts on a large scale. For example, Apple only requires a valid e-mail address, password, date of birth, and three security questions to create an Apple ID.  

E-mail accounts are easy to create. The thieves were reportedly able to automate the account creation process, allowing them to create accounts on a large scale, resulting in an automated money laundering tool for credit card thieves to use.

Kromtech’s investigation began with database-building software MongoDB. Poor configurations granted hackers access to data from tens of thousands of MongoDB databases. Kromtech became aware of these Clash of Clans thieves after analyzing samples from one database, which stored over a hundred thousand credit cards. 

"The tool we found and its users currently work with countries such as Saudi Arabia, India, Indonesia, Kuwait, and Mauritania," writes the report.

"We do not know if this was simply because the tool and Facebook page is new and this is just due to initial users, or if operating through these countries provides some kind of additional benefit to the thieves." 

Although there seem to be no immediate solutions, Kromtech urges developers and service providers to secure their account creation process from abuse by automated tools and police their policies when it comes to tracking and pursuing thieves. 



Related Jobs

Skydance Interactive
Skydance Interactive — Marina Del Rey, California, United States
[10.19.18]

AI Gameplay Engineer
Skydance Interactive
Skydance Interactive — Marina Del Rey, California, United States
[10.19.18]

Jr. Platform Engineer
Deep Silver Volition
Deep Silver Volition — Champaign, Illinois, United States
[10.19.18]

Senior Programmer
Plarium Michigan Studio LP
Plarium Michigan Studio LP — Portage, Michigan, United States
[10.19.18]

Senior Game Developer









Loading Comments

loader image