On May 29, 2012, a large automated scamming device titled ROBLOX Rewards was launched. At the time, it was unknown who its creator was and how much this device would spread. It was hosted on a public website called "roblox.co.cc", where unfortunate users were tricked into believing they would be rewarded with ROBUX.
To make an already terrible situation even worse, the website would process the username and password entered and attempt to log in with those credentials at the official ROBLOX website. If someone entered invalid details, it would provide them with an error, but when they entered their true username and password, it accepted them.
Users would find the scam through comments on various assets and follow the link. There, they would enter their username and password before being asked to post additional comments with links to the scamming website.
Once credentials were accepted, the system automatically cataloged the user alongside their ROBUX and Tickets balance. This helped determine whether the user was worth scamming or not. It is currently unknown whether the system would automatically take the funds of chosen users, or if its creator had to manually withdraw them.
The scam site was created using the PHP programming language, and was hosted on private web servers. Multiple users attempted to find the web host of these web servers and request a takedown, but were unable to do so as there was no web host.
At the time of this scam, ROBLOX had integrated a Captcha system into their login pages, making the functionality of this website impossible without using proxies. Proxies likely allowed the website to connect to ROBLOX using different IPs and attempt to log in, therefore not triggering any login prevention systems.
The database for the entire scam site was later leaked, introducing a number of statistics to the public, as well as disclosing usernames and passwords for thousands of ROBLOX accounts.
Within the first 24 hours of the scam, nearly 2,500 users had been compromised. Sadly, the scam launched on a Friday evening, ensuring ROBLOX staff would not be able to respond until Monday. By the time ROBLOX staff had returned to the office on Monday morning, the scamming device had already compromised more than 6,500 accounts.
Roughly 3,200 different proxies were found in the database, providing additional proof that the application had used them to log into ROBLOX accounts automatically.
The amount of Tickets and ROBUX stolen is unknown, as the database also contained information for users who had not been scammed. However, a total of approximately 60,000,000 Tickets and 850,000 ROBUX was found among all users within the database.
It has become well known that the creator of this scamming device was a popular user named Bannana97. His account was terminated after using the scammed money to run ads for his "Ad Domination" group, which succeeded in dominating the ad system for a short time.
Other accounts linked to Bannana97 were also terminated, including but not limited to AceBailey and HolyBanana. HolyBanana had been known for RoWindows, a GUI-powered computer for ROBLOX games, and has made it clear that he was Bannana97's brother. AceBailey was Bannana97's 2006 account.
In 2012, directly after the termination of the scammer's account, the user Uuvinu signed up and became popular for a website called Roblox Ranks. This website was featured on the ROBLOX Blog, but later shut down. It is now known that Uuvinu was Bannana97's brother -- the user of HolyBanana. He also worked on, but did not fully create, a few of Bannana97's games including "Build to Survive a UFO".
It was initially thought that the scamming device was caused by anger at inappropriate acts of Telamon and multiple biased bans. However, Bannana97 has made it clear that there was no true reasoning behind it. In a private Xfire chat on April 15, 2014, Bannana97 said:
"I don't really know why I did it anymore. I wasn't the only one who was scamming users, but I was the only one who got caught. Fortunately, the others have stopped such things. I do regret what I did, yes. I recall feeling bad for some users and deciding not to steal their profits - users who had bought their ROBUX or had clearly been saving up for a long time."