Akamai Security Intelligence & Threat Research

Minecraft players are targets even off the network

When we write the SOTI and talk about attacks against gamers, we spend a good deal of time focusing on network-level events, such as DDoS and credential stuffing. These are serious types of attacks and attack surfaces, but they aren't the only things gamers have to deal with. In fact, the add-on attacks are far more common than one would imagine.

Recently, I became aware of a Minecraft player who was targeted by a scammer who demanded a ransom payment via the chat service Discord. The demand was simple: pay roughly $20 via in-game currency (SkyBlock Gems) or face a DDoS attack. Panicked, and not wanting to wake their parents and discuss the threat, the victim paid the ransom. Proving that criminals are rarely true to their word, the scammer launched a DDoS attack anyway and knocked the victim's network offline until the following day.

SkyBlock Gems and other in-game currencies, such as Minecoins, can be purchased with real-world currency, and used on the Hypixel store or Minecraft Marketplace to purchase DLC addons, skins, texture packs, maps, etc.

Once purchased, there is no way to convert them back into real-world currency, but scammers who target these items aren't looking to convert. No, they're looking to spend someone else's money to obtain items of worth that can then be sold externally or traded.

The screenshots below are examples of secondary markets selling accounts wholesale. These markets have little to no verification. This means that scammers can flip stolen accounts with key items, and any money made is just pure profit.

Criminals have also moved into the app stores, and leveraged the popularity of Minecraft as a means of scamming players. Research from Avast identified a wave of malicious mobile applications offering skins, wallpapers, or game mods, disproportionately charging users hundreds of dollars per month for access.

In fact, five of the fraudulent applications with more than a million downloads each were charging $30 a week to use. The scammers are counting on the fact that their victims will forget about the application and its trial period, or fail to notice the subscription costs.

Account-focused extortion scams like the one described above, or app scams like the ones discovered by Avast, are just the tip of the iceberg.

Our Editorial Director has been playing Minecraft since it was in beta and can personally recount stories related to phishing attacks and other in-game scams that targeted his account or items. Those without similar stories are the lucky ones.

While doing some background research, I came across this post on the Hypixel forums detailing more than a dozen scams that players face and offering some solid advice for avoiding them. It's worth a read if you're a Minecraft player and unfamiliar with the various types of attacks within the Minecraft community.