MMORPGs can attract millions of users from all over the world. These users spend hours of their lives having fun and socializing on their favourite platforms, customizing their characters, competing, and escaping reality. That’s the perfect environment for cybercriminals to exploit and abuse the capabilities of these persistent virtual worlds. Here’s how.
Money laundering via in-game currencies
- Money laundering in games occurs when illicit funds are converted into in-game assets or currency, and then cashed out or moved across accounts to disguise the origin of the money.
MMORPGs are useful vectors for cybercriminals to obfuscate illicit cryptocurrency and fiat trails. For example, they can convert illicit funds into gold, NFTs, or game items through the marketplace. Cybercriminals also use multiple accounts or guilds to “mix” and redistribute value over the game. They can cash out by selling assets on third-party sites or gifting to “clean” accounts.
The basic flow of money laundering online follows three steps:
- Placement: Criminals use stolen credit cards or crypto to buy in-game gold or rare items.
- Layering: they then transfer the items/gold to mule accounts, trade across several characters or auctions, or convert into other virtual goods.
- Integration: they finally sell these assets to real players (e.g., via PlayerAuctions) or redeem currency into fiat through laundering fronts.
The games most prone to these schemes are Runescape, WoW, CS:GO (skins), and GTA Online.
NFTs laundering, the new cybercrime vector in gaming
- Non-Fungible Tokens (NFTs) are unique digital assets stored on a blockchain. You can think of an NFT as a deed to a digital item - not the item itself. NFTs often represent digital art, in-game items (weapons, land, skins), domain names or music and media files.
NFTs are now a prime tool for laundering and obfuscating digital value. Here’s how it works:
- Attackers mint 10,000 low-effort NFTs using AI art or stolen media.
- They then perform fake transactions (“wash trading”), buying their own NFTs repeatedly using different wallets to inflate their value, and using crypto for illegal activities.
- They sell NFTs to a real buyer at a fake market price, converting “dirty” crypto into clean funds.
- Finally, they cash out. Their proceeds are withdrawn via exchanges, OTC desks, or crypto mixers like Tornado Cash (now sanctioned).
Some Play-To-Earn (PTE) or metaverse games facilitate laundering with NFTs with this scheme: the most notable are Axie Infinity, Decentraland, The Sandbox, and the OpenSea marketplace.
Fraud via account and item trading
Virtual gambling
In the European Union and North America, concerns have risen over the mechanics of skins or other gaming items becoming speculative assets in games like CS:GO and Black Desert Online. In particular, MMORPGs with lootboxes or gacha mechanisms can be co-opted into underground gambling. These in-game reward systems simulate the chance-based draw of prizes, similar to slot machines or trading cards:
- Lootboxes: Players ay real or in-game currency to open a randomized box of rewards.
- Gacha: originated in Japan, players pull random characters or items from a pool.
- Skins/items: cosmetics or weapons are assigned drop probabilities - often very low.
The common feature of these reward mechanisms is that players don’t know what they’ll get. The experience mimics gambling behaviour (variable-ratio reinforcement schedule), induces addiction, and carries legal and security implications. Indeed, some EU countries, such as the Netherlands and Belgium, have banned lootboxes as a form of gambling.
While these features are embedded in the game, they can be further exploited.
Lootbox and gacha systems can be turned into real-money gambling operations in several ways, even in games not designed to allow it.
For example, players bet rare cosmetics or items (e.g., weapons, pets, armour skins) on unofficial third-party gambling sites. So, when users open lootboxes to get rare items, they can use them as chips in a roulette or coin-flip game on a website.
This behaviour is illicit because these sites often operate without licenses, use crypto, and target underage users.
Some MMORPG guilds or players host “in-game casinos”, where users trade gold or items to roll the dice. They also compete in “lotteries” or “duels” with prize pots and participate in raid-based raffles. World of Warcraft, Runescape, and Second Life feature these mechanisms.
These can be player-run gambling rings, violating ToS, and used to launder stolen gold or real-world funds.
Games with ultra-rare drops (e.g., Summoners War, Genshin Impact) incentivize players to spend real money repeatedly to get a rare item/character.
Some gacha games have “pity systems,” making players feel they’re “due” a win, increasing addictive behaviours.
From a cyberpsychological lens, this reinforces compulsive spending, often with hidden odds and false scarcity.
Another aspect of these games is that many users try to make a living with them through streaming their games online.
Streamers open hundreds of lootboxes live on Twitch or YouTube. The viewers of these streams and videos may be children or vulnerable users.
Often, the sponsors appearing on these channels are unlicensed gambling platforms offering referral links and promo codes.
Organized cybercriminal use
In low-income regions, teams of workers perform activities such as gold farming, dungeon grinding, and power levelling. These three terms describe labour-intensive in-game activities that players (and sometimes entire businesses) perform to earn currency, items, or XP in MMORPGs. While many do this casually, others do it professionally to sell the results for real-world money.
Gold farming systematically collects in-game currency (like gold, silver, or credits) through repetitive gameplay to convert it into real money via third-party sales.
In MMORPGs, this is done by killing mobs (monsters) that drop valuable loot or gold, gathering resources, selling them on in-game auction houses, and completing repeatable quests or dailies that reward gold.
These tasks are illegally automated by botting software, macros and clickers. They can also be executed by human workers in low-wage regions such as Southeast Asia or Venezuela.
These farms can operate in shifts 24/7, and currency is sold via platforms like PlayerAuctions or shady gold-selling sites.
In most MMOs, gold farming is against the Terms of Service.
Dungeon grinding involves repeatedly running the same dungeon (an instanced group content) to farm rare gear, accumulate XP, materials, or tokens, and farm bosses for mounts, cosmetics, or crafting reagents.
This can be done by soloing older dungeons with an over-levelled character, running high-end content with a group, over and over, and boosting (skilled players carry others through dungeons in exchange for gold or real money).
People sell such boosting services: ads like “Buy 10 Mythic dungeon runs for $25” are ubiquitous in MMORPGs. Some of these services use pre-levelled accounts or pre-trained teams to do this fast and efficiently.
For example, players in Lost Ark or FFXIV might farm the same dungeon 100+ times to earn gear or currency for resale.
Power levelling rapidly increases a character’s level through optimized or external help, either for yourself or as a paid service.
Players use various methods to achieve that. High-level players kill mobs while your low-level character follows (“tagging”) or they run you through dungeons repeatedly. Others use quest bots or grinding macros. Another practice is account sharing, where a powerleveler logs into and levels your account.
Power levelling is sold as a service on forums and marketplaces, and some websites also offer packages and bundles.
These groups are controlled by organized groups or exploitative “digital sweatshops” with ties to human exploitation, cryptojacking (in some newer MMOs with NFT mining), and ransomware laundering via in-game tokens.
OSINT research in MMORPGs
From an OSINT investigation viewpoint, MMORPGs are legitimate research grounds for studying cybercrime patterns, money laundering tactics, behavioural addiction, digital economies and social manipulation.
The themes that you will encounter are:
- Digital labour: exploitation in gold farming brings to a digital class divide
- Anonymity and identity: criminals mask identities via avatars and proxies
- Virtual reputation system: can be gamed to build trust for frauds
- Addiction and manipulation: monetization models induce compulsion loops
- Asset ownership and value: virtual scarcity induces speculative behaviours (NFTs, skins)