Recently, we identified a security issue in our asset escrow system that allowed bad actors to extract encrypted assets from the game client and bypass the safeguards designed to prevent those assets from being used by servers without the permission of the original creator.
We take the security of our platform extremely seriously, and our team is working to resolve this issue as quickly as possible. A big thank you to all FiveM community members who reached out to alert us to the issue β we are, as always, grateful for your vigilance and support.
While we work on a fix, we are immediately implementing two-week suspensions to all servers who are confirmed to have used leaked assets without authorization from the original creator. Moving forward, any servers caught with leaked assets again will be permanently terminated. As a reminder, only Tebex-accredited creators are authorized resellers of FiveM and RedM assets. Please ensure any creators are Tebex accredited before making a purchase.
We will continue to sweep for offending servers alongside any related enforcement actions - meanwhile, we will post any updates as we work to resolve the issue.
We have now implemented an additional layer of obfuscation measures, meaning that the latest exploit method detected should no longer be functioning on GTAV Legacy assets. Over the past weeks, we have been testing these measures with members of our community to ensure they function properly and have minimal impact on performance.
You can re-encrypt your FiveM assets through Portal using the following steps:
(As of posting, any newly uploaded assets will make use of the new encryption format, the above is only for previously uploaded assets.)
Since identifying the exploit, we have suspended hundreds of accounts and servers associated with stolen assets, and permanently banned those confirmed to be in violation after outreach and review.
Unfortunately, no encryption method can be rendered completely impenetrable. The goal of Asset Escrow is to make unauthorized access as difficult as possible while providing mechanisms to actively monitor for resource misuse.
By leveraging these tools, we will continue to identify and take action against servers using illicitly-obtained assets, and provide creators with another layer of protection against bad actors.
If you suspect any servers of using stolen assets, you can fill out a Server Report form here.
Hi all, just a clarification on our last post about Asset Escrow: this new level of obfuscation currently does not cover scripts and only relates to 3D model files.
We are working on an additional update to cover FiveM scripts, and will let you know as soon as this has been applied.
