Game key reseller G2A has been in the news quite a bit lately, and not for good reasons. Publisher tinyBuild accused it of selling $450,000 worth of its games without paying it anything, leading to a dispute that culminated in an offer to pay developers ten percent of all sales made through the site—a step in the right direction, but far from a solution. But how does something like that actually happen? Kotaku dug into it, speaking with MangaGamer, a localizer of adult visual novels that recently suffered big losses as a result of stolen keys, and also to the person who actually stole them.

MangaGamer first noticed a problem in February, according to the report, when it saw that a single IP address was being used to create new accounts, purchase games, and then refund them. When one account was banned, another would appear; different credit cards were used to make the purchases, and the number of games being bought kept going up. Worse, each time the site's payment processor discovered that the credit cards were stolen—which was every time—MangaGamer would get hit with a hefty chargeback fee.

“When a chargeback occurs on purchase of a $40 game, we lose both the $40 from the canceled sale, and take a $30 penalty,” PR Director John Pickett said. “So at a hundred fraudulent purchases, that’s $3,000 lost; $30,000 if there are 1000 keys stolen.”

The site put up a blog post explaining the situation, which someone claiming to be the hacker replied to. Kotaku reached out to the individual, and with help from MangaGamer was able to verify his identity. He claimed to be a “famous hacker” in Brazil, and said he was doing this sort of thing regularly, because it's easy and the odds of being caught are very low. Simply put, he acquires keys with the stolen cards, then immediately resells them on sites like G2a, and while he's not making huge book—he said he earned more than $500 selling MangaGamer keys—it's pure profit. And publisher can do little to stop it, because chargebacks can take weeks or even months to come in.

It's an interesting report, and it goes right to the heart of the problem: People want cheap games, and it's easy for unscrupulous individuals to provide them. And while sites like G2A aren't necessarily doing anything illegal, they're clearly a vital link in the chain. “G2A [is one of the] great sites to sell fraudulent keys,” the hacker said. “The keys of commerce [are] quick and easy, and there is [not] much bureaucracy.”

Read the whole thing at Kotaku.