The 2012 April Fools Hack was an incident that took place on April 1st, 2012. The hack allegedly involved the compromising of the Roblox website which enabled the user to recklessly experiment with and abuse the website’s features. It soon concluded in the website being taken offline to patch the vulnerability. While there was no actual hacking of the website, the event was widely referred to as such during and after it took place.
Timeline of Events
On April 1st, 2012, a user known by the community as DracoSwordMaster was given access to an admin panel and allegedly caused what would become the website's most notable "hacking". It involved the currency system and item catalog, the use of the warning banner, and unauthorized user promotions in a 2017 Reddit comment, Gordonrox24, a former moderator, noted that "It was nothing... You won't see it happen again".
The suspected precursor to the event was a forum discussion that deteriorated into an argument between Minish and Merely involving money and the economy of Roblox. Minish's account was taken over during the event. Minish bought Merely's famous Domino Crown, which was Merely's personal favorite catalogue item. The forums soon exploded with threads discussing the events. As a result, the two users were each given bans. This would also lead to Merely briefly quitting Roblox.
New Catalog Items
During the event, multiple new Roblox assets were released. A new face was released into the catalogue with the title "c:" on the official Roblox Catalog for 100 Robux. The only account to purchase it was Stickmasterluke, whose account was assumed compromised. The face's image asset can be retrieved from the Roblox website. Another "c:" face was made, which can also be retrieved on the website. A third face called "hai guize derp" was also released and can be accessed on the Roblox website.
Banners were added to the top of the site and frequently changed colours and displayed objectionable content. Examples include "thank you minish for messing up the economy. nub." and "always share your passwords with strangers, kids!", "Haha these are so funny let's go spam the forums about them :D", "Remember kids tell your parents to vote Ron Paul", "Yo gonna give a shout out to the homies in dah hood'
Multiple users were granted large amounts of Robux throughout the event. Although most of these accounts were apparently rolled back, it is speculated that some users managed to evade losing the entirety of their newfound wealth. An example of one of these users is Misteroe, who managed to evade a ban and successfully trade away and launder an estimated 100,000 to 350,000 ROBUX. There is also some speculation that Misteroe was directly involved with the event. This claim is supported by the fact that Misteroe would later go on to be responsible for the firing of 3 Roblox administrators, most notably JacksSmirkingRevenge.
It is confirmed that 1dev2s account was one of the accounts that were also compromised. Many items were put into his inventory and during the event, and his avatar was changed multiple times. His account was subsequently terminated by a moderator. This ban was never revoked, but 1dev2 was possibly allowed temporary access into his account after the event, which during that time, he uncopylocked his game "Welcome to the Town of Robloxia". He is currently active on his new account, 1dev3.
After all this activity occurred, Roblox staff brought the site offline and reported that they were attempting to patch up the currency system. The website was brought back online during the late evening of April 1 at around 8 PM. The Trade Currency system and Roblox Catalog were offline until the following evening.
In a Roblox Blog post on April 2nd, it was announced that "(Roblox) experienced a site issue the evening of April 1st..., and (they) took the site offline". They noted that "Several assets were released from (the catalogue) backlog that were not ready for production", and "Several accounts were incorrectly granted large amounts of Robux; some of these Robux were subsequently traded with other accounts." One confirmed user to benefit from the large influx of artificial Robux was Misteroe, although it is not clear if this is statement is directly referencing him. Some catalogue and currency transactions were audited and rolled back, and they estimated the rollbacks occurred in fewer than 0.01% of Roblox accounts. Some items were updated with new pricing, while other items were taken off-sale. The "c:" face was changed to "Dr. Smyth Face" and was temporarily available for purchase. Around April 4th everyone who was involved in the attack were terminated, IP banned, warned, or banned for a while. Some of these users were innocents such as 1dev2, Proscribe, and some that are compromised like Minish, and others.
- ↑ (2017). What was the April Fool's Hack of 2012?. Retrieved from https://www.reddit.com/r/roblox/comments/7irz8i/what_was_the_april_fools_hack_of_2012/
- ↑ David Baszucki. (2012). Site Issue Resolved. Roblox Blog. Retrieved from https://blog.roblox.com/2012/04/site-issue-resolved/