Runescape hackers were able to exploit a double-spend glitch to generate trillions in in-game currency and use some of the profits to buy bitcoin.
According to a video published by popular YouTuber SirPugger, the exploit began in November 2019 with the hackers crashing the Old School Runescape’s economy via the creation and use of thousands of new accounts. Runescape’s servers responded to the account overload by rolling back to the last login point.
Hackers were able to exploit the roll-back by trading gold between two accounts while only logging out of the account which received the gold. According to the video, the rollback would result in both accounts holding the gold, resulting in a double-spend attack.
While Jagex, the publisher of Runescape, patched the exploit for Old School Runescape, the hackers were able to employ a similar double-spend attack on Runescape 3.
The video claims the hackers were able to continue the exploit for several days before Jagex was finally able to fix the rollback mechanic, racking up trillions in double-spend game currency in the interim.
I can tell you we’re talking about multiple trillions of Runescape 3 dupe, which translates to over $250,000.
The hackers attempted to offload their in-game currency through multiple avenues, including gambling and exchanging for bitcoin.
Some community members have proposed Jagex consider adopting bitcoin or other crypto-assets for their in-game currency and leveraging the blockchain technology to provide resistance against double-spend attacks.