Most BloxStrike "scams" don't happen on bloxstrike.net — they happen in Roblox DMs, fake Discord servers, and screenshot-edited "trust trader" posts. The patterns are the same patterns you've seen on every Roblox-adjacent platform for the last 10 years. Here's how to spot them and what we do differently.
What we never ask for
- Your Roblox password. Ever. Sign-in goes through Roblox's official OAuth — you log in on Roblox's own page, Roblox tells us who you are. We literally never see the password field.
- Your Roblox cookie / .ROBLOSECURITY token. Anyone asking for this is trying to steal your account. We don't need it; OAuth gives us everything we need.
- A two-step trade where you "send first." Not on this platform. We hold the buyer's funds in escrow; the vendor sends first; you confirm receipt; funds release. There's never a flow where you're asked to send something to the vendor before they send to you.
Common scams (NOT on bloxstrike.net)
- DM "trade boost" / "value bump." Someone Roblox-DMs you asking to "boost the value" of your inventory by trading. They send first; you send something back; their original "send" reverses (it was a fake-out trade).
- Fake bloxstrike.net Discord. Someone makes a discord.gg/bloxstrike-credits-shop server and DMs you with a "support" badge. Real Discord: linked from this site's footer + nav. Don't follow links from random DMs.
- Phishing site clones. A typo-domain (bloxstrike.gg, bloxstrike-net.com) clones our UI and harvests Roblox cookies. Always verify the URL says bloxstrike.net (or look8s0848g0sswkkkwosokk.51.81.220.188.sslip.io while we're pre-DNS).
How vendor alt-account verification works
Every vendor binds a Roblox alt account to their bloxstrike.net profile before they can list. Verification is a two-step codeword:
- We give the vendor a one-time codeword (a string like bsx_42f9a1).
- They put the codeword in the alt's Roblox profile description.
- Our cron (lib/jobs/vendor-alt-verify.ts) scrapes the alt's profile and confirms the codeword is there. Status flips from PENDING_VERIFY to ACTIVE.
This proves the vendor controls the alt account they claim to control. When a buyer sees Alt verified (green chip) on an offer, that's what it's pointing at.
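The codeword check described above, sketched as an added TypeScript example; it is not the contents of lib/jobs/vendor-alt-verify.ts or any other bloxstrike.net code. The type and function names, the 24-hour expiry, the codeword format (modelled on the sample bsx_42f9a1) and the sample data are assumptions.

```typescript
// Added example; every name here is hypothetical, not bloxstrike.net's own code.
type AltStatus = "PENDING_VERIFY" | "ACTIVE";
type Outcome = "verified" | "not_pending" | "wrong_profile" | "expired" | "codeword_missing";

interface AltBinding {
  vendorId: string;    // vendor the codeword was issued to
  altUserId: number;   // numeric Roblox user ID of the claimed alt
  codeword: string;    // one-time codeword for this vendor/alt pair
  issuedAtMs: number;  // issue time, epoch milliseconds
  status: AltStatus;
}
interface FetchedProfile { userId: number; description: string; }

const CODEWORD_TTL_MS = 24 * 60 * 60 * 1000; // assumed policy: 24 h to complete
const CODEWORD_RE = /^bsx_[0-9a-f]{6}$/;      // assumed format, from the sample bsx_42f9a1

// Match the codeword as a whole token, so bsx_42f9a1ff or xbsx_42f9a1 do not count.
function descriptionHasCodeword(description: string, codeword: string): boolean {
  if (!CODEWORD_RE.test(codeword)) return false;
  return description.split(/[^A-Za-z0-9_]+/).some((tok) => tok === codeword);
}

function verifyAlt(
  b: AltBinding, p: FetchedProfile, nowMs: number
): { outcome: Outcome; status: AltStatus } {
  let outcome: Outcome = "verified";
  if (b.status !== "PENDING_VERIFY") outcome = "not_pending";           // only pending bindings can flip
  else if (p.userId !== b.altUserId) outcome = "wrong_profile";         // scraped a different account
  else if (nowMs - b.issuedAtMs > CODEWORD_TTL_MS) outcome = "expired"; // stale challenge
  else if (!descriptionHasCodeword(p.description, b.codeword)) outcome = "codeword_missing";
  // Status changes only on success; every failure leaves it untouched.
  return { outcome, status: outcome === "verified" ? "ACTIVE" : b.status };
}

// Constructed sample data.
const issued = 1700000000000;
const pending: AltBinding = {
  vendorId: "vendor_123", altUserId: 1001, codeword: "bsx_42f9a1",
  issuedAtMs: issued, status: "PENDING_VERIFY",
};
const goodProfile: FetchedProfile = { userId: 1001, description: "trading skins | bsx_42f9a1 | no DMs" };

console.log(verifyAlt(pending, goodProfile, issued + 60000)); // verified, status ACTIVE
```

Keying the check on the alt's numeric user ID and on a codeword issued for one vendor/alt pair is what keeps a codeword from being reused to verify a different claim.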
Discord auth (none yet, but it's coming)
Today, signing in to bloxstrike.net is Roblox-only. Discord linking — for vendor application, dispute notifications, and codeword profile verification on the Discord side — is on the roadmap (P1, mirrors the sniperduels.shop pattern). When it ships, the OAuth scope will be limited to identify (your Discord username + ID) — never email, never message scope, never server scope.
What to do if you suspect a phishing attempt
- Don't click the link.
- Forward the message to operator on the Discord. We track impersonator domains and ban them at the Cloudflare level when we can.
- If you already clicked and entered credentials: change your Roblox password immediately, reset 2FA, and check your account login history (Roblox shows recent IPs in account settings).
Discord — report phishing + ask safety questions
The fastest way to get a phishing domain takedown coordinated is through the Discord. We also post known-bad-actor handles there as we identify them.