Indie developer TinyBuild, the studio behind Punch Club, Party Hard and SpeedRunners, had thousands of their game codes stolen through fraudulent credit card purchases, which then wound up on G2A.com, a site that allows people to resell game codes.
The basic idea behind G2A is straightforward and pretty harmless: with the amount of game codes sold through Steam, the Humble Store/Bundle, and more, the site gives consumers a place to sell unwanted game codes. However, in doing so, G2A has created a huge black market for game codes sales.
As TinyBuild described in their blog post on the matter, the common practice for scammers is to “get ahold of a database of stolen credit cards on the darkweb. Go to a bundle/3rd party key reseller and buy a ton of game keys. Put them up onto G2A and sell them at half the retail price.” This allows scammers to make thousands of dollars while preventing any profit from reaching the game developers because, once the stolen credit cards are processed, the payments will be denied. The developer won’t receive any money, but they will already have given out the keys.
The source of these fraudulent codes was the online store that TinyBuild ran themselves. They wrote:
The shop collapsed when we started to get hit by chargebacks. I’d start seeing thousands of transactions, and our payment provider would shut us down within days. Moments later you’d see G2A being populated by cheap keys of games we had just sold on our shop.
TinyBuild ran the numbers on how many keys were sold on G2A and how much revenue that was lost for them as a result.
TinyBuild reached out to G2A, asking about the fraudulent sales and if they would be compensated. This is the reply they received:
So the issue you have pointed to is related to keys you have already sold. They are your partners that have sold the keys on G2A, which they purchased directly from you. If anything this should give you an idea on the reach that G2A has, instead of your partners selling here you could do that directly. I can tell you that no compensation will be given. If you suspect that these codes where all chargebacks aka fraud/stolen credit card purchases I would be happy to look into that however I will say this requires TinyBuild to want to work with G2A. Both in that you need to revoke the keys you will be claiming as stolen from the players who now own them and supply myself with the codes you suspect being a part of this. We will check to see if that is the case but I doubt that codes with such large numbers would be that way. Honestly I think you will be surprised in that it is not fraud, but your resale partners doing what they do best, selling keys. They just happen to be selling them on G2A. It is also worth pointing out that we do not take a share of these prices, our part comes from the kickback our payment providers.
G2A states that TinyBuild’s retail partners are the ones selling the codes on G2A, not scammers, despite the thousands of codes they lost through their online store to fraudulent credit card purchases.
Game studios and publishers already often make slim margins, and scams facilitated by G2A hurt independent developers like TinyBuild the most. G2A has been at the center of controversies like this one before, cutting out game developers by allowing for the sale of huge quantities of stolen game codes. Earlier this year, Ubisoft had thousands of keys for Far Cry 4 fraudulently purchased and sold on G2A. In May 2014, Devolver Digital (publishers of indie games including Hotline Miami and Downwell) had a public argument with G2A on Twitter, stating:
It’s sad to see game developers hit with large-scale theft. Incidents like this make it even harder to make games. G2A has the allure of allowing consumers to resell keys, but it is clear that a large amount of the ones sold there are illegally obtained. If you want to support the people who make your favorite games and ensure they keep making games, it’s best to purchase from legitimate retailers like Steam or the Humble Store.