Video games giant Valve has scuppered cyber criminals' method of 'liquidating ill-gotten gains' using Counter-Strike: Global Offensive's (CS:GO) loot box system.
The company confirmed that cyber criminals were successfully laundering money through the trading of keys, which are used to open loot boxes and can be bought from within the game itself, and traded on Valve's community marketplace.
The marketplace is traditionally used by legitimate players who can sell their loot boxes, keys and other cosmetic items earned form playing the game, for real money which can then be used to buy other games or cosmetic items.
In reaction to the discovery, Valve said it will lock all future keys to the purchaser's account, meaning they can no longer be traded and exploited to launder criminals' money.
"At this point, nearly all key purchases that end up being traded or sold on the marketplace are believed to be fraud-sourced," Valve said in a statement. "As a result, we have decided that newly purchased keys will not be tradeable or marketable."
The method highlights the evolving creativity of cyber criminals and their methods to evade detection of the authorities. Plenty of dark web services can be used to similar effect, but it could be argued that law enforcement agencies wouldn't think to look on a legitimate video game platform.
"For the vast majority of CS:GO users who buy keys to open containers, nothing changes; keys can still be purchased to open containers in their inventory," Valve added. "They simply can no longer be traded or transacted on the Steam Community Market.
"Unfortunately, this change will impact some legitimate users, but combating fraud is something we continue to prioritise across Steam and our products."
However, the issue may not be fully addressed. CS:GO isn't the only game which Valve develops that uses the aforementioned loot box system.
Defence of the Ancients 2 (DOTA 2) and Team Fortress 2 (TF2) both have a case/key microtransaction mechanism that uses the Steam Marketplace.
The system still works in the same way as the exploitable CS:GO version did so criminals could turn to those games while they spend time looking for more sustainable alternative methods of laundering.
Hot water reaches boiling point
This isn't the first time CS:GO's loot box system has been embroiled in criminal controversy. In 2016, a range of YouTubers were criticised for creating gambling sites which allowed people, many of which were underage, to use cosmetic CS:GO items as gambling chips in casino-style, browser-based games.
This prompted the legal seizure of the gambling sites and Valve to implement trading restrictions on in-game items, such as the weapon 'skins' used as gambling chips.
Valve also banned its loot boxes in the Netherlands and Belgium due to violations of domestic gambling laws which classified digital loot boxes as "games of chance".
Other sites which offered gambling and trading services for digital items in other games such as the FIFA franchise have also been seized and fines issued to their owners.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.