I'm John Hight, the production director for Diablo III. As most of you know, after the release of patch 1.0.8 a small number of players exploited a bug to duplicate gold. The bug has since been fixed, and the Auction Houses and gold trading are back online.
While the issue is resolved, we know a lot of players have questions about what happened and what we're doing about it, so I wanted to take some time to discuss the details with you here. So, What Happened?
Shortly after we released patch 1.0.8 in the Americas on Tuesday, players discovered a bug that allowed gold to be duplicated via the real-money Auction House. The bug was the result of a coding error that was exposed when we increased the gold stack size from 1 million to 10 million. This resulted in an overflow on cancelled auctions that yielded a greater amount of gold in return. Only a relatively small number of players had the billions of gold necessary to exploit the bug, and only 415 of those players chose to use this exploit for personal gain.
To all of you who reported this to us, thank you! As soon as we confirmed what was happening, we took the Auction Houses in the Americas offline and suspended gold trading in order to isolate the problem. From there, we were able to troubleshoot, develop a fix, test it, and deploy it to all regions before the day ended-also ensuring that patch 1.0.8 rolled out in other regions (without the bug) as scheduled. The Auction Houses remained offline and gold trades remained suspended until we completed a full audit of all transactions that occurred during this period. Once that was completed, we brought everything back online.
While this was happening, we locked accounts that appeared to be exploiting the bug as well as collaborators that held gold or items for the exploiters. Once we confirmed that an account was involved in this exploit, we either banned or rolled back the account depending on their activity. What Does That Mean for Me?
Soon after the exploit was discovered, we contemplated doing a complete rollback, as was suggested by a number of players here in the forums.
The vast majority of players did not participate in the exploit and we didn't like the idea of punishing them for the bad behavior of a few people. A rollback would mean bringing the servers down for a lengthy period and a loss of all progression since 1.0.8 was released. Many players made significant accomplishments in the game that required time and dedication, and we felt it was worth the work involved to try to preserve these efforts and go after the exploiters instead.
With this in mind, we elected not to roll back the servers in The Americas and are instead working to remove duplicated gold from the economy through targeted audits and account actions (as indicated above) without taking away progress that our players rightfully earned.
As of this this post, we have already recaptured more than 85% of the excess gold from the accounts involved, and over the days ahead we will continue to pore over our audit data to reclaim as much duplicate currency as possible. We've also done a full audit of our code to help make sure that something like this doesn't happen again. So, What's Next?
Many people bought and sold items and gold on the Auction House on Tuesday. We're making sure that all legitimate transactions go through. This means that if your account was not involved in the exploit, you will get to keep your items and gold, as well as any money you received from sales on the real-money Auction House. We'll also be donating all proceeds from auctions conducted by the suspended or banned players-including all of THEIR sale proceeds that we intercepted as well as our transaction fee-to Children's Miracle Network Hospitals. Thank You!
On behalf of the development team, I just want to say thanks again to those of you who took the time to notify us about this situation, as well as apologize for any inconvenience this issue may have caused you personally. We highly value fair play, and we're going to continue to monitor the game and take steps necessary to prevent exploits like this from happening in the future.