So my guild's bank was just robbed by a hacked member's account and I'm wondering how this is possible.

All our members are limited to 25g/day and 5 stacks of items/day from all tabs. Yet looking at the armory bank log today I can see that his toons withdrew dozens and dozens of stacks of items and dozens and dozens of 25g cash increments over a ~3 hour period in the early AM.

We're assuming his account was hacked because all his toons' gear has disappeared too, they're all naked now.


How is this possible? Is there a bug in the gbank code that allows people to withdraw several times their daily limit of stacks and gold? Anybody else seen this?

So my guild's bank was just robbed by a hacked member's account and I'm wondering how this is possible.

All our members are limited to 25g/day and 5 stacks of items/day from all tabs. Yet looking at the armory bank log today I can see that his toons withdrew dozens and dozens of stacks of items and dozens and dozens of 25g cash increments over a ~3 hour period in the early AM.

We're assuming his account was hacked because all his toons' gear has disappeared too, they're all naked now.


How is this possible? Is there a bug in the gbank code that allows people to withdraw several times their daily limit of stacks and gold? Anybody else seen this?


it's PER toon at that rank. So if the guy had multiple toons at that rank, that's why You see multiple withdrawals for the max amount

Did he have invite permissions? Check the guild log and see if he was inviting the same character multiple times. This is how they usually do it.

Sundancekid invites Butchcassidy to the guild
Butchcassidy joins the guild
(insert bank robbery transactions here from the gbank log)
Butchcassidy has left the guild
Sundancekid invites Butchcassidy to the guild
Butchcassidy joins the guild

etc etc That is what our guild log looked liked when it got hacked. The withdraw limit gets reset when they leave. At least that is the behavior of the gbank mechanics.

Edit: Have the guildmaster submit a restoration ticket for all the items that were taken. Copy down the gbank log and make sure all the items get returned. You can send in a long petition through outside email to list everything that was taken because there won't be room on the in game petition.

Sucks to have someone in your guild dumb enough to log on to some fake blizzard mounts website with their wow info.

Man, there's some really nasty people on this site lately. And I thought I was PMSing like a banshee. You don't know how they got keylogged, poorly spelled ingame spam isn't the only way it happens.

Sundancekid invites Butchcassidy to the guild
Butchcassidy joins the guild
(insert bank robbery transactions here from the gbank log)
Butchcassidy has left the guild
Sundancekid invites Butchcassidy to the guild
Butchcassidy joins the guild


That's a pretty nasty bug Bliz has in their coding. I had no idea it was that easy to get around the daily limits.

Be careful who you give access too.

I had to yank access from all my guildies because they all followed a phihsing link that was sent to every toon in my guild via in game mail. 3 of them got hacked, the rest have authenticators.

I pulled all of their permissions for being stupid enough to not notice the sender was not a guildie but a spoofer using estended ascii, and for following a link to an executable file...

That's a pretty nasty bug Bliz has in their coding. I had no idea it was that easy to get around the daily limits.

Not sure why you'd call that a bug. Their guild rank also gets reset to the lowest rank when they re-join, is that a bug too? ;).

Some good safeguards:
- Give as few players as possible invite privileges. In my raiding guild, only the 5 officers can invite new members.
- Give ONLY the GM promote privileges. Make the lowest rank unable to even view the guild bank. This way the officers can invite apps if the GM isn't on, but the GM has to be on to promote them.
- Educate people on what social engineering/phishing are, and why you should NEVER EVER EVER EVER enter your account information anywhere other than account management and the login screen.

Wow that sucks. And yeah got hit with the go to such and such website and get an ingame this or that. Reported the lv 1 right away.

Not sure why you'd call that a bug. Their guild rank also gets reset to the lowest rank when they re-join, is that a bug too? ;).


Maybe call it a loophole or something.