In recent days, the Twitch streaming community has been taken aback by an unexpected phenomenon: streamers receiving donations that reach the staggering amount of $100 million. While these donations are undoubtedly fake, the underlying cause and potential implications have raised eyebrows and concerns among streamers and viewers alike.
Over the weekend of September 16-18, several Twitch streamers, including prominent figures like Forsen and Jankos, reported receiving these astronomical donations. Forsen, a popular Minecraft streamer, was left baffled upon receiving a $100 million donation during his livestream. Similarly, League of Legends streamer Jankos was taken aback by a nearly $19 million donation, followed by another $8 million. The donations came with descriptions hinting at potential hacking or exploitation, such as “hackerone > twitch.”
The community’s speculation points towards a potential exploit within Streamlabs, a popular tool used by streamers for donation management. The primary concern is that while these exorbitant amounts are easily recognized as fake, what stops malicious users from sending more believable amounts, potentially misleading streamers?
While the fake donations have been largely dismissed by streamers due to their implausible amounts, the potential for abuse remains a significant concern. If the suspected Streamlabs exploit allows users to send any donation amount, it’s conceivable that streamers could be flooded with smaller, more believable fake donations. This could lead to confusion, misplaced gratitude, and potential financial miscalculations.
As of now, while the donation prompts appear on video during livestreams, no actual transactions are being processed. This means that these fake donations are purely for show, likely intended to troll or confuse streamers.
Neither Streamlabs nor Twitch has officially commented on the issue. However, this isn’t the first time Twitch extensions have faced security concerns. Earlier in September, streamers encountered chat hijacking and account compromises linked to certain extensions.