Play Now Login Create Account
illyriad
  New Posts New Posts RSS Feed - 12NOV14 - Gold Exploit Closed
  FAQ FAQ  Forum Search   Register Register  Login Login

Topic Closed12NOV14 - Gold Exploit Closed

 Post Reply Post Reply Page  123>
Author
GM Rikoo View Drop Down
Moderator Group
Moderator Group
Avatar
Community & PR Manager

Joined: 28 Mar 2014
Location: Mars
Status: Offline
Points: 1233
Direct Link To This Post Topic: 12NOV14 - Gold Exploit Closed
    Posted: 12 Nov 2014 at 03:26
Hi everyone,

We've just permabanned a number of players for a particularly egregious gold / market exploit.

We have never previously shared details about exploits, but we feel this one is exceptional in the relative size and scope, and will have had (and will probably continue to have until equilibrium is reached) an impact on market pricing, especially of prestige scrolls.  

Whilst we're not going to name names, we also feel the particular names involved will become quite conspicuous by their absence, especially amongst traders ingame.  

So, in this instance we feel it is appropriate to let everyone know roughly what happened and what we've done; if only in a (doubtless somewhat hopeful) attempt to stop the pitchforks being pointed in all directions, as well as to provide an explanation for what will possibly be an unexpected adjustment in the Illyriad market economy.  

We don't expect any adjustment to be major - but having said that, we have just removed a little over 11.5% of the current gold supply (closest to M0/MB in economist's terms) and as such we expect that such "quantitative tightening" will have an impact (even though that money was mostly "created via exploit" only very recently).

We'll attempt to explain.

How did you discover the exploit?

We were preparing a (hopefully) informative post about the scale and growth in the Illyriad economy over the last 4 years, and were also interested in how the daily economy had changed since the introduction of Prestige Scrolls (yes, we do record everything) - and we were looking at the net Gold flow balance in the active player economy.

The net Gold flow balance is the balance between:
  1. the gold being generated (predominantly via tax receipts from your towns, but also from other sources such as NPC drops), and

  2. the gold being consumed (predominantly via unit upkeep, but also trade taxation, sovereignty costs etc)
When we looked at the report, however, we were a bit stunned to see a huge jump in the net Gold flow balance starting on the 18th of October.
  
The jump was from +64 million gold per hour to +177 million gold per hour... overnight.  And it didn't go back down the next day, or the day after, or... etc.  

After looking for a few obvious culprits (eg "was there a massive destruction of troops in an alliance-wide military engagement?" etc), we ended up with a blank, and so began eliminating other possibilities one-by-one.  

At the very bottom of our pile was tax rate (how could that, even across the entire playerbase, nearly triple the gold flow overnight!)

Imagine our surprise when we discovered a single town, with:
  1. a population of a handful (<50) people, 

  2. a tax rate of more than 99,000,000% (yes, ninety-nine million percent), and

  3. a gold income rate of 100s of millions of Gold per hour for this town
How is this possible?

Not without a deliberate exploit, I'm afraid to say.

What the player did was:
  1. Build up a tiny town with some farmyards, a marketplace, and then create a caravan or two, then

  2. ... go into the code behind the Castle Taxation page and "forge" a post to the server asking to change the tax rate to 99 million%, but...

  3. ... the server doesn't question the amount of change in tax rate, because...

  4. ...the town then plunges into massive deficit on everything (eg in this case negative 448 million food per hour), which should cripple it... however...

  5. ... this doesn't matter.  It's still minting gold, and - whilst everything has been levelled down - we don't level down farmyards so that people who make a mistake on food have a chance to recover, but...

  6. ... farmyards do provide a small population, and whilst this was a small population... 99 million percent taxation provides a ton of gold per hour, and... 

  7. ... caravans don't cost food upkeep, so we don't destroy them, so...

  8. ... every couple of days the player would go to this city and have a lot of free gold that they could cram into a single caravan and send out.
It simply didn't matter that the town was empty except for a couple of dozen people working on farmyards.

How was the exploit closed?

Taxes can now only be set to between 0 and 100%, and we're going to look at other safeguards (eg, we're examining the destruction of towns after a period of time if they have nothing but farmyards and zero storage and negative production, as well as further summaries and internal alerts when some previously un-monitored things go out of expected parameters).

How much money was generated and what happened to it?

Well, luckily we can tell exactly.

The town that was performing the exploit was a member of two fairly prominent alliances (the exploiter had switched recently), and so had not been thieved from.  So the only transfer for that town was via direct dispatch.

Tracing the gold outbound from this town, as well as prestige scrolls inbound and outbound from related exploiter account cities, most of the flow was to a different trading town closer to Centrum for market access.

The majority of gold transferred was since the 18th of October, however we can see, by trawling through the logs, a number of earlier transactions of many billions, distributed to players in the alliance, dating back to August and September of this year.    

We believe that the player ran the exploit back in August but stopped and reset his tax rate (possibly for fear of discovery); restarted once in September, and then permanently ran the exploit from the 18th of October onwards - once there was a clear reason for large-scale gold fraud (ie Prestige Scrolls).

The total amount drawn and distributed from this exploit was:

91,157,150,000 (91.1 Billion) Gold

What's going to happen to these players?

Well, we've permabanned 9 directly involved accounts and their alts.  

Three of these are accounts we can prove were run directly by the exploiter. 

Of the other six accounts, each received between 2 and 6.4 Billion in payments from the exploiter, most directly delivered in tranches of at least 1.5B and as much as 2.1B Gold, and delivered *whilst* the exploiter was still under rainbow of new player protection.  All the other six accounts received the bulk of their free cash in the month of August.

These 9 account closures have removed a total of:
123,507,773,792 (123.5 Billion) gold from the game, representing not only the gold in their inventories, but also the current market value of more than 340 Prestige Scrolls found in their inventories and with their traders, bought with the proceeds.

This figure removed is higher than the amount drawn and distributed because:
  1. there was substantial gold waiting to be distributed when we shut the exploit down, and
     
  2. the 9 accounts were also involved in legitimate money-making activities within their alliances.
What about the other players and the alliance(s) these players were in?

Many of you may have worked out who the players involved probably are, perhaps by their willingness to pay over the odds (for eg prestige scrolls), and some of you may have done business with this player. You'll be glad to know that we hold you blameless; and we believe that you acted in good faith.  As we investigated the exploiting account, we noted (very happily) that many of you expressed substantial surprise that a player less than 3 months old could actually drop half a Billion on prestige scrolls.

We would repeat that we do not wish this thread to become a blame game where people make suppositions or accusations about who knew what and when, or cast aspersions on other players or alliances. 

We believe we have performed an in-depth investigation into this exploit and those involved in it, and that we have lanced the immediate boil.  

We have not yet, however, finished our investigation, and so would urge anyone who received unexpectedly large (hundreds of millions, if not Billions of gold) payments from a less-than-three-month-old player to get in touch with GM Rikoo via igm - or to open a petition with as much of an explanation as possible.  We'll be much more charitable if we hear from you first, rather than you hearing from us.

How did you devs not notice this earlier?! 91 billion is a lot of gold!

Well, whilst we record everything, we really don't monitor everything.  

The figure that tipped us off to the exploit was the delta on the hourly gold production value - everything else was pretty much within expected market parameters.

It may shock some of you to know that whilst 91 Billion seems like a lot of money, there's actually more than 800 Billion Gold in Gold pieces alone (ie what economists would define as M0 or MB)  sloshing around inside the active player Illyriad economy.  The total size of the Illyriad economy is many, many Trillions, and when we get this report written up we'll happily share the details with you all.

How is ending this exploit going to effect the market?

We wouldn't want to speculate too far - we'd expect a demand reduction (particularly on prestige scrolls) due to the cartel's willingness to pay over the odds and to warehouse them; although it should be said that most of their transactions were direct player-to-player sales rather than trade hub orders.

Thank you for your time.

GM Rikoo

EDIT: A further 4 accounts were banned overnight, bringing the total so far to 13.



Edited by GM Rikoo - 26 Nov 2014 at 18:48
Illyriad Community Manager / Public Relations / community@illyriad.co.uk
Back to Top
GM Stormcrow View Drop Down
Moderator Group
Moderator Group
Avatar
GM

Joined: 23 Feb 2010
Location: Illyria
Status: Offline
Points: 3926
Direct Link To This Post Posted: 12 Nov 2014 at 03:53
Thanks, Rikoo.

I'd just like to reiterate... to make it crystal clear, and highlighted in double bold capital letters, that we do not believe that either of the two alliances that this exploiting player was a member of had direct knowledge of this exploit.

Regards,

SC
Back to Top
Consul Zynot View Drop Down
Wordsmith
Wordsmith
Avatar

Joined: 08 Aug 2014
Status: Offline
Points: 110
Direct Link To This Post Posted: 12 Nov 2014 at 04:09
Aww well Devs  why dont you guys be fine folks  and give me that  123 Billion gold !
Back to Top
Mr Damage View Drop Down
Postmaster
Postmaster
Avatar

Joined: 01 Jan 2011
Status: Offline
Points: 598
Direct Link To This Post Posted: 12 Nov 2014 at 04:13
Hats off to the exploiters for getting away with it while they did but bigger hats off to the Devs for uncovering and removing it, good job.
Back to Top
Zarhunt View Drop Down
New Poster
New Poster


Joined: 03 May 2014
Location: Melbourne, Aust
Status: Offline
Points: 39
Direct Link To This Post Posted: 12 Nov 2014 at 04:18
I know I have criticised the devs a fair bit lately but I would like to thank and applaud them for posting a clear explanation of their judicial findings and subsequent actions. I truly hope it spreads.
May we meet on an abstract plain one day
Back to Top
Brandmeister View Drop Down
Postmaster General
Postmaster General
Avatar

Joined: 12 Oct 2012
Location: Laoshin
Status: Offline
Points: 2396
Direct Link To This Post Posted: 12 Nov 2014 at 04:22
It does make me wonder how many other places have parameters checked only by the UI and not the server. Could be a Pandora's Box of exploit attempts.
Back to Top
GM Stormcrow View Drop Down
Moderator Group
Moderator Group
Avatar
GM

Joined: 23 Feb 2010
Location: Illyria
Status: Offline
Points: 3926
Direct Link To This Post Posted: 12 Nov 2014 at 04:55
Originally posted by Brandmeister Brandmeister wrote:

It does make me wonder how many other places have parameters checked only by the UI and not the server. Could be a Pandora's Box of exploit attempts.
There are actually very few interface input points in the game, and they're all pretty tight as far as we can tell at both the UI and the server end.

Most all the really important ones have been poked and prodded at before by players - we do log these attempts by the way, and we don't look at the "out of bounds" and "malformed" etc requests very favourably...

However, we're not complacent about this, and will be reviewing *all* the server input validations again over the coming days and weeks.

Regards,

SC
Back to Top
SimplyDivine View Drop Down
New Poster
New Poster
Avatar

Joined: 30 Sep 2012
Status: Offline
Points: 20
Direct Link To This Post Posted: 12 Nov 2014 at 07:45
Until recently, I had been quite active in the Marketplace, and had worked steadily to improve my Trade ranking, however, I had noticed the meteoric rise of some players in those rankings and was a bit startled/dismayed. My question is: how will the Trade rankings be impacted as a result of the perma-bans of those 9 players involved? Will their rankings be allowed to stand as a result of their misdeeds?

I, too, have been critical of the devs of late, and I wish to publicly applaud them for the time and effort they have expended in tracking down and ending this type of nefarious behavior. To the cheaters, I say...as in virtual life, so in real life. If you are willing to lie, cheat and steal your way through an online game, then I pity your friends and business associates for the havoc you are clearly capable of bringing to them. Just keep in mind one thing, though, what goes around, comes around, and don't be surprised when karma pays you a little visit.
Back to Top
Epidemic View Drop Down
Postmaster
Postmaster
Avatar

Joined: 03 Nov 2012
Location: USA
Status: Offline
Points: 773
Direct Link To This Post Posted: 12 Nov 2014 at 08:33
Congrats on finding some cheaters!

During these tumultuous times I am willing to temporarily come back and dominate trade for the sake of stabilizing it. Just accept my buy offers for prestige tomes and i'll take care of the rest...Big smile
Back to Top
OrcDork View Drop Down
New Poster
New Poster
Avatar

Joined: 23 Oct 2014
Location: South Africa
Status: Offline
Points: 27
Direct Link To This Post Posted: 12 Nov 2014 at 08:38
As a new player to MMO's (Illyriad is my 1st and only), it is comforting to know that the devs are able to deal with such acts. It is also an eye-opener as to what people are capable of, even in an online game. Sad to witness but a good end result.
Back to Top
 Post Reply Post Reply Page  123>
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.03
Copyright ©2001-2019 Web Wiz Ltd.