Important Announcement: Legendary Tokens Exploit

Phaserhawk

Omega Red wrote:

Months ago I actually discovered by accident the glitch that enables this exploit and it never ocurred to me to use it to optimize the outcome of my tokens. I guess I'm too naive and well-intentioned because I really never thought I could use that to control what covers I got.

From a TECHNICAL point of view, this is not hacking which involves tampering with the code or the infrastructure that runs said code. It's not a cheat under the context of a dev leaving intentionally some secret codes that unlock certain game items. It's an exploit. The system works as intended, but if used in a certain way that was not meant to be used, it produces system-breaking results. This is an important distinction to make because it helps to understand who carries the weight of responsibility here, named: the developing team.

Closest real life example I can come up with is an ATM machine. Imagine one of those giving away money without charging it to your account if operated certain way. Now imagine said machine operating with that exploit during two full years, giving away some free money to some lucky, unsuspecting users. Whether it knows about the exploit or not, the bank is fully responsible for the money lost. Whether users abused the exploit or not is besides the point, the first and sole responsible is the bank that allowed the exploit to exist for so long.

In my opinion, the integrity of the game has been compromised beyond repair. I agree that the actual impact in game scores and rankings must be minimal and mainly among the highest elite, but consider this: the exploit has been sitting there forever, who knows how many 3* and 4* were obtained this way? And now it has tampered with three months of purchases worthy of thousands of dollars.

I won't vilify those who abused the exploit. Most of them probably still spent a lot of money to buy all those tokens, shields, etc. I don't know what could be appropiate punishment. Sandboxing seems too much as technically they didn't tamper with the code, they just played a exploit, a big one since it affects the economy and finances of the game but still only an exploit nevertheless. On the other hand, a rollback to what they had in their accounts prior to legendaries seems too forgiving. Regardless of what is done to them, demiurge should refund every penny spent by those players. It would be the only way to recover any sense of credibility.

I agree with what others have said in regards to compensation. I don't think you can put a price to trust and credibility.

tinykitty hit the fan this time.

Except I know of a situation where your ATM thing happened. There was an ATM back on a campus at UW-Eau Claire 20 years ago, that the ATM person accidentally put the 100's in the 20 slot. When kids went to go pull $60, they got $300. When word got out everyone starting going to the ATM machine. Guess what happened. The bank found out and charged all of their accounts accordingly. Now in this case the bank (D3) knew, so while in the ATM case only the filler was at fault, everyone paid one way or another. Now you have this situation where the bank and the withdrawers knew, and guess what, they are going to have to pay. Btw, those that overdrew their account were fined the overdraft fees, so yes the cheaters are at fault, they found the atm giving out $100's instead of $20's

Bryan Lambert

The most infuriating part of all this is that the ripple effects are so pernicious.

I mean, the primary effect is that by playing fair, not only do I have to compete against the PvP teams of whales, I have to compete against the PvP teams of cheaters. And have been for two years. I still don't have a max-covered Jean or Hulkbuster, but I've been having to knock down 270 Jeanbuster teams for months. Part luck, part money, and now, part cheating.

But there's also the fact that in the metagame, your ability to progress isn't a static thing. Your ability to progress is dictated in part by your successful progression. This is especially true since the addition of 4* DDQ, which gives out rewards almost entirely based on how many covers of a given character you've managed to collect. So, the ability to collect more 4* covers using the exploit means you can collect more 4* and 5*'s legitimately through 4* DDQ, or worse, provide a weekly LT you can then use the exploit on.

And even beyond that, what effect has this had on the metrics, and what effect have those metrics had on game design decisions like the difficulty of DDQ 4* opponents, PvE scaling, progression rewards, etc? How has two years of extra covers, extra ISO, and generally artificially-inflated rosters affected the overall game dynamic? And how has that game dynamic affected non-cheaters' ability to progress?

On an event by event, situation by situation level, it may not affect things by much. But it touches every part of the game a little bit, and I'm not sure there's any way of knowing what the cumulative effect has been. Which is a long-winded way of saying "integrity of the game", I guess.

madok

*bumps the stickied thread*

Does anyone know if today is a holiday or there is a con going on somewhere?

I was hoping that the reds would at least acknowledge that they are reading this thread but I guess they must be off celebrating Green Monday, Monkey Day or National Bouillabaisse Day.

XandorXerxes

Given that the exploit was apparently detailed in the bugs forum for a year before it was noticed / removed, do we keep posting bugs in general discussion to get them noticed?

Jellybat

+1 for use of Bouillabaisse.

Pinko_McFly

madok wrote:

*bumps the stickied thread*

Does anyone know if today is a holiday or there is a con going on somewhere?

I was hoping that the reds would at least acknowledge that they are reading this thread but I guess they must be off celebrating Green Monday, Monkey Day or National Bouillabaisse Day.

I saw Kabir on earlier this morning.
An Hi_Fi last vsisted today, a few hours ago.

Boommike

I saw Hi-Fi perusing the Malcrof forum a little while ago, so they're definitely looking. But for something like this, I wouldn't be surprised if they're a bit tight-lipped over the next couple of days. Which, albeit frustrating, may not be a terrible thing considering the emotion surrounding this whole ordeal.

Unknown

I am reading the posts from all forum members on this issue. A lot of frustration against D3 justified YES 100%. A lot of frustration against other community members justified? I don't know. I know that there is no point in arguing between us. All are free to express their opinions free as it comes from their minds. But we are loosing the real deal.

1) there is a problem right now that effects most of us who didn't cheat and shakes the fun we have to the game and the trust we have to D3
2) the game isn't only about covers and resources. Some ethics is involved in it too. Honesty for not cheating, loyalty for not betraying alliance mates in bad times and stick with
them. With all this issue exposed I see only GREED, CHEATING and BETRAYAL. And that is definitely not what I expect from a game.

So we have three options
1) Arguing and try to hit other members and loose the target. Crying about compensation. Firing salvos at D3.
2) Trying to make our game again better with some ethic values restored, trust & fun restored with some good proposals
3) Quitting the game.

I am no quitter and I will fight for what I love playing. Arguing & firing salvos at D3. I don't care about D3 they are doing their job. Good or bad it will be revealed with their response to this problem and their generosity towards fair players in the near future. So the only real option we truly have and its worth squeezing our minds is the second if we all want to save this game.

DIM

puppychow

DrStrange-616 wrote:

How do we trust Demiurge/D3 again?

This is the question, isn't it? My trust in them was already shaky before this fiasco. I've been asking myself what it would take for them to win me back, and I'm not sure. I doubt they'll fire themselves. I am, however, fairly sure, what it would take won't happen. Their MO has been basically to ignore problems and complaints. Unless the ghost of Christmas future shows them what life will be like this time next year (RIP, MPQ), I doubt much of substance will happen.

Considering that MtgPQ came out recently , I daresay the focus now is on growing that game rather than this one. Going forward, the revenue from Mtg will probably exceed MPQ's.

Colognoisseur

puppychow wrote:

DrStrange-616 wrote:

How do we trust Demiurge/D3 again?

This is the question, isn't it? My trust in them was already shaky before this fiasco. I've been asking myself what it would take for them to win me back, and I'm not sure. I doubt they'll fire themselves. I am, however, fairly sure, what it would take won't happen. Their MO has been basically to ignore problems and complaints. Unless the ghost of Christmas future shows them what life will be like this time next year (RIP, MPQ), I doubt much of substance will happen.

Considering that MtgPQ came out recently , I daresay the focus now is on growing that game rather than this one. Going forward, the revenue from Mtg will probably exceed MPQ's.

Yes you're right but past performance counts. If they make a further mess out of responding to this there could be some frustration which will spill over to the ratings of MtGPQ. If that takes the shape of "Beware D3 doesn't care about policing cheaters" It could hit right as they don't want that kind of "review" showing up.

Yes I know D3 is only the publisher of both games but there will be people who don't make the distinction all they will see is that logo up there and think one D3 game is like any other.

Time will tell.

TLCstormz

fight4thedream wrote:

Mod note: Malcrof's posts and posts reacting to it were split from this thread since they were derailing this thread. If you believe your post was erroneously moved, please contact me or another mod and we will move it back here. The split thread can be found here: viewtopic.php?f=7&t=36663#p454996

I'm surprised that y'all didn't disappear the incident, altogether.

slidecage

anyone else worried about this

We are aware of an increase in players using an exploit involving Legendary tokens



So if there was just a slim amount of players doing this the company would not have any problem allowing these people to cheat.. It seems they are now just stepping up cause MORE people are doing it.

GurlBYE

I mean it should be clear what to do as a player who is unhappy with changes and are lashing out at people who disagree.

It has something to do with their most important factors.

+ + money + playing events.

When has making long posts on this forum when they screwed up ever changed anything?

They literally only updated this on the weekend because someone talked about it, and another character releases and DDQ 4 was coming. Why spend money if someone elses money makes them luckier, choices are a) exploit to keep up not pay or play.


Since we're all so adamantly against a, it might be time to swing for B, which is the one of the two they don't want you to do.

rawfsu

Last time I spoke at length, it was suggested I break things down in paragraphs. Well, here goes lol

-If I were a regular paying customer, especially a whale or super-whale, I wouldn't be very happy right now. It's been documented that a particular player has invested thousands (I believe tens of thousands) of money in this game to build an untouchable roster. Imagine hearing this news? I would've hoped a little light would've gone off saying that the investors needed to be protected. Maybe there weren't that many cheaters at the time, but one is more than enough in my opinion. A fix could've been quietly applied and this wouldn't be a big thing right now.
-On top of that, PVP and PVE scores have inflated BIG time. Now, I know some of this is due to increased LT availability. That's fine. However, I can't help but wonder how many "exploiters" have simply been able to take advantage and run up their scores. Last season, I scored 8709 for the season and finished top 10. This season, finished at 9800+, placed 300. I know my slice placement can affect this as well, but it still leaves the door for this question to be asked.
-If it was the bottom line that caused a delay in addressing this issue, how will the bottom line look now that this is public and people are finding out this exploit has existed for some time? Will people still invest with confidence that there isn't another backdoor exploit players are "secretly" taking advantage of that won't be addressed for months or years?
-Glad I don't have anything to worry about since I'm on Android!

lukewin

DrStrange-616 wrote:

How do we trust Demiurge/D3 again?

This is the question, isn't it? My trust in them was already shaky before this fiasco. I've been asking myself what it would take for them to win me back, and I'm not sure. I doubt they'll fire themselves. I am, however, fairly sure, what it would take won't happen. Their MO has been basically to ignore problems and complaints. Unless the ghost of Christmas future shows them what life will be like this time next year (RIP, MPQ), I doubt much of substance will happen.

I think this is where it comes down to personal expectations. I have gone back and forth with my view of D3 Go! I'd be disappointed/mad about their reactive (not proactive) approach to the game and changes and lack of communication, but then I'd forgive/forget after they'd show up, every once in a while and have a lot of interaction. I made plenty of posts trying to clear up people's misconceptions, so people wouldn't have problems with the companies due to their own misunderstandings. After the Galactus Hungers Run 1 mess, I broke out of the cycle and just greatly lowered my expectations of both companies, to save myself future/inevitable disappointment.

I trust D3 Go! and Demiurge to let me down with changes to the game and how they communicate, and to hopefully not do anything that will alter the game so bad that it becomes unplayable due to a lack of fun. I hope that things get better, but I expect nothing to get better. Almost everything about this exploit and their response to it has not surprised me, because it falls in line with what they've done in the past. I almost expect something to happen that might generate a lot of goodwill (ex. Galactus Hungers Run 2), so that the forums shift to a positive atmosphere for a bit, then it's back to radio silence from D3 and we go back to rehashing the same issues that have not been addressed/resolved until the next dustup, when we'll remember our frustrations about all the previous dustups.

GurlBYE

I really hope you guys remember that people who exploited had the most to gain if they spend some sort of money.

Like a free to player with a 1 star-2 star roster wasn't exploiting legendary tokens. Even if they got that 1 or 2 lucky 4- 5 stars. it makes the game hellish for them lol.
At that rate straight up hacking the game gave them a more reasonable return lol.
In that case the devs could have just sandboxed or deleted their account without the need for a peep, on a weekend.

firethorne

Wow, my decision to indefinitely suspend any purchases toward this game after the anniversary was apparently a good one. I agree with some of the other posts, the competitive integrity of the game is now seriously compromised.

Even if fixed, and all offending users removed, there is a serious question of ethics and trust in the game now. To think that this has existed through the life of legendary tokens and probably far longer is troubling, considering how much of the game is competitive in nature.

Players now can point to this as a reason why the odds have been unfavorably and unfairly stacked against them. And true or not, there is now enough reason to make such speculation not in the land of tin foil hat conspiracy.

I really don't know how you can fix the PvP street cred. I guess my only play would be to double or triple down on completely non competitive content and hope you don't shed to many users.

Eddiemon

RWTDBurn wrote:

This is a very good list of questions. I'd like to add the following, just for clarification as the answer would greatly impact your 5th question on your list regarding compensation.


- Are the 5* drop rates truly 3.3% per draw (9.9% total since there are 3 of them)?

If in the off chance they are actually using a global vault system for draws (which I highly doubt they are) then the "Drop rates are per draw" statement in the information screen for legendary tokens is a lie. The drop rate per draw percentages would be in constant fluctuation based on the number of 5*s already pulled globally so these cheaters would be lowered the percentage for everyone else. Stating inaccurate odds on anything that involves real world money is serious and can lead to legal action against them. As someone that has spend a few hundred dollars on this game and has only drawn 3 5*s out of 75 Legendary Tokens I sure as hell would want some of that action if someone filed suit. Again, I seriously doubt they would do this but there needs to be some transparency here. In the off chance that they actually are using a global vault system then the only compensation that could keep them out of a courtroom would be to give random 5*s to everyone based on the number of 5*s they currently have acquired through Legendary Tokesn and the number of Legendary Tokens that they've used so that their percentage is equal to or higher than their advertised rate of 9.9%

I don't think it matters.

If a cheater has a 10% chance of a 5* cover, then you would expect them, on average, to deplete the vault of 9 4* covers for every 5* pulled. Which would mean nobody else's odds were affected.

In order for there to be a change in odds there would have to be a really weird escrow system which didn't actually deplete a cover until the cover was allocated to an account. The problem with this is that the cover would have to be marked as allocated to someone, but not actually marked with who that someone was. (or they would be able to immediately reallocate the token when the client reconnected). It's just too much to have them build an escrow system that maintains information on the allocation but doesn't make use of it when the user redraws.

fmftint

I expected some sort of update on this issue today, but in true D3/Demiurge fashion, silence.

slidecage

fmftint wrote:

I expected some sort of update on this issue today, but in true D3/Demiurge fashion, silence.

they might be on west coast so give them until like 9pm est but doubt we hear anything