G2A.COM  G2A News SafeHub G2A Scam – Timezone Refund Glitch Exploit Debunk
Recently news of a new way to scam people on G2A has started circulating, and it’s necessary to set the record straight and explain what, exactly, is happening.
The story claims that there is a script which allows users to exploit the way BitCoin checkout works on G2A.COM marketplace in order to get game keys for free. You may have even seen the new “G2A hack” and “G2A.COM exploit” videos popping up.
One of the scammers videos
How it’s allegedly works, is that the script, used via an otherwise harmless browser plugin (TamperMonkey on Chrome, or Greasemonkey on Firefox), changes the timezone, which is supposed to glitch the checkout system into thinking the session expired. You are supposed to get your BTC back AND receive your game keys/gifts.
The true scam is perpetrated by the people distributing the script, not the users hoping to exploit the checkout for free games. The script actually changes the target BTC wallet address. This way the script users’ BTC go to the script’s distributor instead of G2A.COM sellers. Not only the users don’t get their refund as they expected, but someone else entirely is getting their for free.
The script which scammers use
People who have never used this script (or other such exploits of questionable origin) designed to glitch out and bypass security systems have nothing to worry about, their BTC are as safe as they could hope. It’s only the people who try to trick the system that are at risk and should be aware that they are being scammed by script’s distributors.
A great start is not installing scripts from questionable sources. In general, using apps, scripts, extensions, etc. which affect any step in the checkout process is not recommended and can lead to any number of issues, including loss of money. The offending script in this case is often distributed via Pastebin.com, but even more reputable sources like GitHub can be prone. It’s better to just avoid scripts affecting checkout altogether, no matter the source.
You should also double- and triple-check payment info of both parties, including the amount of money transferred and the recipient information, and, when applicable, make sure you were redirected to an address you were supposed to.