05 Aug 2022 • 10 min read
05 Aug 2022 • 10 min read
There is nothing new about cheating in online games. American cybersecurity services firm Irdeto found that cheaters impacted 60% of online players. Cheating even become a sub-economy in the gaming industry.
Cheating is often seen in multiplayer games where cheaters subvert the rules to gain unfair advantages over average players. In the early days, dishonest behavior in games could simply be driven by competitiveness in human nature. Some people just love the feeling when they defeat their in-game opponent and rank higher in the game.
When online video games rose as a prosperous industry, things became complicated. Cheating is no longer just individual behavior. The gaming industry is now worth over $16 million per year and boasts more than 2.7 billion gamers, with mobile game advertising revenue growing up to 59% during the economic downturn of COVID according to statistics from Unity. The avid players and the considerable income they’ve generated for the industry prompted a group of cheaters to assist players to win in games and make money from it.
No games can avoid being exploited by cheaters, especially the most popular games. Several examples follow this trend. Lost Ark, currently the most popular game on Steam, has just been through a wave of in-game spam messages earlier this year.
Bots and scripts become common methods of cheating in online games. Cheaters use automated software assistance to help players exceed average users in battles, claim credits, and so on. Sometimes, bots would become players themselves to gain the in-game assets and sell them for profits.
Broadly, bots can cost crypto game players money in real life and hurt blockchain game economies if unstopped.
The core difference between crypto games (also known as blockchain games or NFT games) and traditional online games lies in the value of in-game virtual items. Traditional online game publishers would claim that their virtual items have no economic value outside of their game, while crypto games are based on the use of cryptocurrency or NFTs. Crypto game players can buy, sell, or trade in-game currency with others using cryptocurrency or real-world currency.
Play-to-earn games have become a new branch of blockchain games. They allow players to earn cryptos by spending time playing the game and trading in-game virtual items for cryptocurrency, which can then be exchanged for money.
Bots can do anything that average players can do in games, from mimicking human behavior to trading in-game currency in the market. The ecosystem of most play-to-earn crypto games is similar: acquiring in-game currency through actually spending time on the game, and trading in-game currency through a crypto wallet. Unlike human players, bots don’t care about ownership of in-game NFTs and the fun of playing. Their aim is clear: get as much as in-game currency and sell it for profits.
The first step is to create mass bot accounts and get in-game items quickly by playing the game relentlessly. Since bots are completely automated, they would gain virtual items much more and faster than average players. Then, bot operators would sell in-game virtual items to other players for profits.
Having too many bot accounts would be a tough issue for game publishers. What they want are real players to play the game and build a healthy gaming ecosystem. Bots would only suck the game dry and get all the yield until the game is dead.
The next step is to invade the trading system of crypto games. The gamer usually has a crypto wallet connected to the game account for trading what they earn in the game. Bot operators would rather directly get into these crypto wallets than create many bots and wait for them to earn the items.
Credential stuffing is the process of inputting stolen data, like usernames and passwords, into a login page to take over an account. Bots are used to test each of these usernames and passwords, and the rest is only a matter of time. After taking over accounts, bot operators would have the digital assets to themselves immediately.
Once bad actors have in-game cryptocurrency, they can sell it for profit. The last thing that bot operators care about is how to sell it for a good price. Scalping bots help fraudulent actors drive their targeting cryptocurrency (or NFTs) price down, ensuring them buy more at a lower price, and then drive the price up to let them sell for a good price.
Firstly, bots place bids and wait to cancel them once bids are accepted. This will make the item relisted at a lower price. Bot operators then would use scalping bots to purchase all the items at the lowest price. Once they own most of the items in the market, the selling price is their call.
Play-to-earn games have exploded in 2021. Not surprisingly, the popularity drove countless bots to these games. Players used bots to monitor the crypto games marketplace and to notify them as soon the cryptocurrency of the game would be listed. It makes the bot operators an unfair advantage over the regular users when it comes to purchasing in-game cryptos.
Generally speaking, CAPTCHA is a challenge-and-response verification process. The primary task of CAPTCHA vendors is preventing bots from correctly responding to the challenge. For most CAPTCHAs, including GeeTest CAPTCHA, images are a main part of the challenge. GeeTest CAPTCHA updates images that are used to generate challenges on an hourly basis, while most vendors are unable to do so.
GeeTest updates images based on two models: attack-based model and client-based model.
GeeTest AI learns the pattern of bot attacks and replaces the old images with new ones right at the point when attacks are about to start. Therefore, bot operators have to either invest more in bot farms or spend more time learning the new images. When the return of investment is lower than botnet manipulators expected, they would stop the attack.
Clients from different industries have different requirements. An e-commerce organization may have a higher risk of being attacked during shopping festivals like Black Friday and Cyber Monday, and those from the blockchain industry are likely attacked while users make transactions.
GeeTest learns how the client's business runs and updates images when the risk rises.
It runs silently in the GeeTest CAPTCHA risk management system. Through adjusting PoW for each user, the time that each verification takes would differ. For regular users, it takes only about 10 milliseconds, while for malicious requests, it takes more time and consumes more CPU.
GeeTest CAPTCHA acts based on real-time monitoring. It estimates each request’s risk according to multiple real-time metrics, like IPs, the user’s behavior trajectory, signs of web simulators, signs of CAPTCHA farms, etc.
Bot problem is what the entire crypto gaming ecosystem has to figure out. Crypto game publishers need to deal with it well and much better than any previous traditional games, as the crypto game is a place where what you are doing actually matters in real life.
Content Marketing @ GeeTest
Subscribe to our newsletter