Valve thwarts criminals using CS:GO as money laundering platform
The video game giant said 'stopping criminals was more important than preserving its microtransaction system'
Video games giant Valve has scuppered cyber criminals' method of 'liquidating ill-gotten gains' using Counter-Strike: Global Offensive's (CS:GO) loot box system.
The company confirmed that cyber criminals were successfully laundering money through the trading of keys, which are used to open loot boxes and can be bought from within the game itself, and traded on Valve's community marketplace.
The marketplace is traditionally used by legitimate players who can sell their loot boxes, keys and other cosmetic items earned form playing the game, for real money which can then be used to buy other games or cosmetic items.
In reaction to the discovery, Valve said it will lock all future keys to the purchaser's account, meaning they can no longer be traded and exploited to launder criminals' money.
"At this point, nearly all key purchases that end up being traded or sold on the marketplace are believed to be fraud-sourced," Valve said in a statement. "As a result, we have decided that newly purchased keys will not be tradeable or marketable."
The method highlights the evolving creativity of cyber criminals and their methods to evade detection of the authorities. Plenty of dark web services can be used to similar effect, but it could be argued that law enforcement agencies wouldn't think to look on a legitimate video game platform.
"For the vast majority of CS:GO users who buy keys to open containers, nothing changes; keys can still be purchased to open containers in their inventory," Valve added. "They simply can no longer be traded or transacted on the Steam Community Market.
"Unfortunately, this change will impact some legitimate users, but combating fraud is something we continue to prioritise across Steam and our products."
However, the issue may not be fully addressed. CS:GO isn't the only game which Valve develops that uses the aforementioned loot box system.
Defence of the Ancients 2 (DOTA 2) and Team Fortress 2 (TF2) both have a case/key microtransaction mechanism that uses the Steam Marketplace.
The system still works in the same way as the exploitable CS:GO version did so criminals could turn to those games while they spend time looking for more sustainable alternative methods of laundering.
Hot water reaches boiling point
This isn't the first time CS:GO's loot box system has been embroiled in criminal controversy. In 2016, a range of YouTubers were criticised for creating gambling sites which allowed people, many of which were underage, to use cosmetic CS:GO items as gambling chips in casino-style, browser-based games.
This prompted the legal seizure of the gambling sites and Valve to implement trading restrictions on in-game items, such as the weapon 'skins' used as gambling chips.
Valve also banned its loot boxes in the Netherlands and Belgium due to violations of domestic gambling laws which classified digital loot boxes as "games of chance".
Other sites which offered gambling and trading services for digital items in other games such as the FIFA franchise have also been seized and fines issued to their owners.
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now