Skip to main content
Emerging ThreatsData Breaches

Ukraine Arrests Hackers Behind 610,000 Roblox Account Breach

Cluttered home office setup with gaming console and laptop surrounded by papers and snack packaging.

More than 610,000 Roblox accounts were accessed in a months‑long campaign that Ukrainian authorities say relied on phishing lures and infostealer malware to harvest credentials and tokens.

Scope of the intrusion and timeline

The Prosecutor General’s Office of Ukraine says the campaign ran from October 2025 through January 2026 and resulted in unauthorized access to over 610,000 user accounts on the online game platform Roblox. Investigators reported that the attackers used the stolen access to inventory in‑game items and balances of Robux, Roblox’s in‑game currency.

What the attackers took and how they monetised access

According to the National Police of Ukraine, the operation used social‑engineering lures promising in‑game bonuses; the actual payload was infostealer malware that exfiltrated usernames, passwords and tokens that allowed persistent account access. Investigators identified at least 357 “high‑value elite accounts” and say access to those accounts was sold on Russian websites for cryptocurrency. Authorities estimate the group received more than $225,000 from the sales.

The reporting notes why those accounts had value: Robux can be bought with real money and official Robux gift cards can cost as much as $199.99, while some of the rarest Roblox items trade for thousands of dollars on third‑party exchanges. That secondary market is the source of the alleged criminal profit.

Arrests, searches and seized material

Prosecutors say three suspects were arrested: a 19‑year‑old from Drohobych and two additional individuals aged 21 and 22. Working with the cyber police and the Security Service of Ukraine, the Prosecutors of the Lviv region executed searches at 10 properties linked to the suspects. Seized evidence included computer equipment, storage devices, mobile phones, bank cards, handwritten notes, plus over €2,500 and nearly $35,000.

Authorities report that forensic analysis of the seized devices is ongoing. If convicted of distributing malware and stealing accounts, the defendants face up to 15 years in prison.

Law enforcement, Roblox, and players

Law enforcement: The Prosecutor General’s Office of Ukraine, the National Police, the cyber police and the Security Service of Ukraine are jointly handling the investigation; the Lviv region prosecutors led the search operations and seizure of devices and funds, and are continuing forensic analysis.

Roblox: Infosecurity has contacted Roblox for comment, according to the report.

Players: Victims received social‑engineering prompts that purported to deliver bonuses but instead installed malware that stole credentials and tokens, enabling account takeover and resale of elite accounts.

Financial traces and the market for stolen accounts

Investigators tied the criminal proceeds to cryptocurrency payments on Russian websites and reported a recovered cash sum of nearly $35,000 and more than €2,500 among the seized assets. Authorities’ accounting puts the group’s earnings from selling account access at over $225,000. Those figures are central to the prosecution’s case and to ongoing device analysis that authorities say is underway.

The arrests close a major disruptive chapter in this particular scheme, but the investigation remains active: Ukrainian authorities continue forensic work on the seized equipment, and the factual record includes the sale of 357 elite accounts and the reported six‑figure take. The prosecutor’s office has filed charges that, if proved, carry penalties of up to 15 years’ imprisonment.

Source: Infosecurity — Three Arrested for Hacking Over 610,000 Roblox Accounts