We here at Marketplace.tf would like to wish you all a merry Smissmas -- and a happy every other hat-themed Winter Holiday as well!
Good tidings are nice, but you know what's nicer? Well, an end to global war. That's a bit too hard for us, but perhaps you'd be interested in some chilly discounts?
This year, we've got three different gifts for you. To redeem the following codes, simply type in the relevant coupon code on the checkout page. Make sure that you redeem these quick: they deactivate at the end of December 25th!
Note that these coupon codes cannot be combined with any other coupons. All codes may be used any amount of times until they deactivate.
Merry Smissmas!
Last year we went through a major reduction in our seller program, and other features of our site. Marketplace.tf was growing too big and too fast for us. Now that we've had a lot of time to regroup and make some changes, we'd like to post a few updates on where we are now.
We're launching our new Twitter account! Come follow us at https://twitter.com/marketplace_tf. We're starting things off with a giveaway which you can enter by going to https://scrap.tf/raffles/RD7ODV and following the instructions.
The Seller Program
Marketplace.tf still has sellers (duh, or else there would be no items). Earlier this year we opened applications to bring a few new sellers onto the site, and we're doing that again now for a limited time. If you'd like to be a seller visit https://marketplace.tf/sell/apply to submit your application.
All our sellers are thoroughly vetted, and have more requirements than before such as identity verification and required two factor authentication.
Dota 2
We've recently brought back support for Dota 2! There's no trade holds for buyers, so any items you buy will be delivered to you right away. Keep an eye out for more games to be supported soon!
Buy Orders
Buy orders have also returned! You can place buy orders as long as you have a supported credit card and have gone through our card verification process in your account page.
tl;dr: From December 15th 2020, it will no longer be possible to sell items on Marketplace.tf. Marketplace will still exist, but will only sell items from a small list of hand-selected sellers.
In 2017, we opened the Seller Program to provide the TF2 community with a safe, risk-free environment to trade their items. Our goal was simple, but the task was not. Since that time, we have experienced ever-increasing levels of fraudulent payments, account hijacking attempts, elaborate schemes to scam us via our support system, DDoS attacks, and more. We have witnessed groups of people attempt to manipulate the market by bullying and harassing others into changing their prices. We have seen users' Steam accounts be hijacked at increasing rates in attempts to steal items that they have deposited to Marketplace. In recent months, the TF2 Inventory APIs have also become increasingly unstable and unavailable.
These issues are not necessarily new, and we have done our best to tackle them for some time. Individually, they are not particularly cataclysmic; they are, in many ways, simply "the cost of doing business." However, their combined effect is becoming overwhelming, and we no longer feel that we can continue to operate in the same way. The net gain from the Seller Program is, unfortunately, not sufficient for the toll that having it extracts. To put it simply, it is too much. For these reasons and more, effective immediately, we will no longer be allowing new sellers to sign up. Although there is no immediate impact on existing sellers, we will be removing the ability to sell items on Marketplace on December 15th, save for a (quite small) whitelist of people.
We have not come to this decision lightly, and there are a great number of factors going into it. Ultimately, we feel this is the most responsible and reasonable decision, but we also recognize the issues with a sudden, unannounced closure of the program. In light of that, we will be leaving the Seller Program open (to those who have already signed up) until December 15th, which we hope gives you ample time to prepare and not feel as if this is too sudden or without warning.
Neither Valve nor any other entity is "forcing" this upon us; it is entirely our own decision. Although Marketplace is certainly the largest website on which TF2 items may be bought and sold, it is not the only one; and we see no reason that a new, high-quality platform could not take its place.
We are not instituting this change all at once; rather, we will be progressively shutting down the seller program over the next 4 months, to ease the transition and give the community time to adjust.
No, but there is nothing stopping you. We have set a date of December 15th to provide a structured shutdown plan that provides everyone -- including our staff -- time to prepare and adjust. Marketplace will be largely available (as described in the timeline) until that time. We encourage you to make full use of Marketplace until that point.
After December 15th, we will begin the process of contacting those who have not withdrawn their items or funds. We will utilize every communication channel available to us in order to contact users and inform them that they must withdraw. We will attempt to make reasonable accomodations where necessary, but at a certain point (at minimum, months after the final date of December 15th), we will be forced to take measures for those who refuse. We can initiate payouts without a user's action, but we cannot force them to withdraw their items. After a certain point, for users who refuse to withdraw their items, we will have no choice but to figure out what to do with those items. Our hope is that there are no items left uncollected which we are forced to deal with.
To reiterate, we will not be "confiscating" items left on Marketplace immediately after December 15th. As long as you make a reasonable effort to withdraw your items, you will have plenty of time after the final closing date to collect them. The only users who need worry about their items are those who refuse to withdraw them for some time after the closure of the seller program.
The largest change you'll notice is that after December 15th, there will be a more limited selection of items on Marketplace.
We recommend that you make use of any Wallet Funds or Gift Cards, if you have any, before December 15th. After that date, you may find that there are fewer items you want to purchase.
We will make available a tool to download and export your data, regardless of where you live. We will update you when this is fully ready. We hope to have this available by September 1st at the latest.
If you would like to delete your data, we already can do this; please contact support. Please note that we obviously cannot delete every piece of data; for example, when you make a payment online, the merchant is required to store data about that payment (including billing information), and not delete it. By design, we do not store (or ever receive) your full credit card number or CVV. Also, for obvious reasons, if you delete your data, we won't be able to offer the ability to download it afterwards.
We have never sold anyone's data and never will.
Wallet Funds and Gift Cards may still be used before, and after, December 15th. However, we recommend you use them before that time.
We will offer refunds for any unused Wallet Funds, Gift Cards, Shelf Space, or Sponsored Listings.
Please contact support to request a refund for these items.
If for some reason you are unable to access your account by December 15th, and still have items/funds to withdraw, we will make efforts to contact you and work out a solution. If you are unable to access your account due to lost two-factor or other account security issues, please email lockedout [at] marketplace.tf and we will work with you to verify that you are the owner of the account and restore access.
Update 2: At this time, it's pretty clear that any possibility of a new Remote Code Execution exploit having been developed is essentially null.
While personally we did not think it reasonable that the release of source code of a massive project (such as the TF2 codebase) would result in the discovery of a major RCE exploit within hours, there was a clear demand for an unpacking of the situation from a reputable source. It seemed irresponsible to recommend that others simply play the game, even if the chance of any real risk was quite low.
The truth is, the discovery of an exploit on the scale of an RCE is generally difficult to find (not always, of course), and with a codebase the size of TF2's, it would take a while to find. Additionally, those willing to deal with disassembled/decompiled code have always been able to poke around with the game's client code (well, a version of it). The source code leak made things easier, but would not accelerate discovery of an exploit to the extent that'd be required for something to already have been developed.
Ultimately, the leak of this code is of great concern to Valve, but it's probably mainly Valve that has to worry about the negative consequences of such a leak. It may make cheat development easier, but the truth is that code compilation / obfuscation is never going to prevent attackers from getting what they want; only make it more difficult. (See the bit about security being in "layers" down below).
Update: It's come to our attention that a small amount of internal item server / GC source files are included in this leak. This means that some of the code running on the TF2 item servers (as of late 2017) can be read by anyone. This does not grant anyone the ability to change the code running on the item servers; only see a historical copy.
While this is a concerning update to our understanding of the situation, it is not as bad as it may appear. The ability to see the code that the servers are running is not the same as the ability to change the code.
In order to utilize this code to exploit the item servers, one would still need to do so by "tricking" the item server, by sending it carefully-constructed messages. For example, one might send it an "open this crate" message which uses a scrap metal instead of a key to open the crate. However, the item servers will already be written to detect such issues (in this example, ensuring that the "key" is really a key). The messaging format and protocols used to communicate with the item server were already document and understood before this leak, and although the leak may help find ways to "trick" the item server, there does not seem to be a major hole left open by the discovery of these files.
We currently see no way these item server source files could directly result in an attack on the ingame economy.
The original unedited article is below for posterity. The contents of the "Trading / Steam API" section are outdated, but the other sections remain accurate.
Some stuff's happening today, and it may have made you say, "Hey! What's going on?"
Let's keep it simple: a 2017 version of TF2's CLIENT source code has leaked. We'll explain what this means shortly; for now, let's go over how this impacts you.
Short answer: While there is no evidence to support the existence of new security holes, out of an abundance of caution, perhaps hold off.
So this is a bit difficult to unpack. You may have seen a video purporting to demonstrate an "RCE" exploit (Remote Code Execution; basically, the most dangerous kind of security hole) in TF2 recently; there is no reason to believe this video is real, and there are issues present that make it apparent that it is not a legitimate exploit.
However, when the full source code of an application is leaked, it makes it significantly easier to find unpatched vulnerabilities in its code (because you have the code). There is no doubt that malicious actors are searching through it at this very moment, trying to find security vulnerabilities. On the other hand, Valve has an active bug bounty program, which means there is profit in finding any such bugs and reporting them to Valve.
Additionally, this source code leak is not completely "new". It is, more accurately, a public leak of a private leak, and it's impossible to know exactly who has already seen this code or for how long. This means that vulnerabilities present in the code could have already been found and abused prior to this leak. This is unfortunately cause for more concern, not less.
Security is a difficult thing to discuss because there are so many unknowns. Any exploits found in this code will have been present in the code long before being discovered, and very well could have been discovered by someone who smartly kept themselves off the radar. Likewise, a security hole has to be discovered before it is dangerous; and if it isn't discovered, it isn't abused. A good rule of thumb is that if it's software, it can be hacked. This doesn't mean you can't make it harder, though.
Security works best in layers. Assume any of the layers can fail, but won't most of the time. Enough layers makes a specific victim too costly to attack, but not necessarily impossible. Anyways, think of your own decisions as a layer in that security. You could set up a Virtual Machine and play TF2 inside it, insulating your main OS from malware due to a possible RCE in TF2's client. However, it might be smarter to just... wait for a little bit. If there are any pressing security concerns, they will be patched in short order.
To sum it up, there is no evidence of a NEW security hole. However, finding security holes has been made easier, and right now, a lot of people -- good and bad -- are trying to do just that. Out of an abundance of caution, perhaps don't play TF2 for a short while until more concrete information is available. It shouldn't be too long.
Short Answer: Trading is fine. The Steam API was not "leaked".
The code that was leaked -- while proprietary, and definitely not something a company wants leaked -- was the TF2 client code; the code for the application you run when you play TF2. This is entirely separate from the TF2 Item Server code. The Item Server code is still completely private, and runs on Valve's private servers.
If the TF2 client were able to mess with the trading / item servers, that would already have been exploited (and has, in the past). However, these are complicated exploits that involve "tricking" the item server, and are quite rare. The TF2 client code does not help an attacker figure out how to trick the TF2 item server. They are entirely separate.
As for the Steam API "leak", there is no evidence to suggest that anything beyond client library files were leaked; these are entirely different from the internal code for the Steam API. This is, frankly, harmless. Even if the internal API source was leaked, it honestly would not likely lead to any vulnerabilities.
Boy am I glad I made you ask! Here's what happened:
Basically, someone involved on a Sourcemodder team (modder teams, oh boy) had access to a private leak of the TF2 source code from 2017 (that's this!). They got kicked off the modder team, and in retaliation, publicly leaked the private leak they had access to.
But what got leaked? The source code for the TF2 client. ("Source" here does not mean "Source" the game engine; "source code" is a programming term, not a Valve one). This is all the code files that get turned into your favorite game. However, there's some stuff missing.
For example, the game might run fine, but it has to connect to the item server. This is entirely different code, which was not leaked, and which was never intended to run on your computer. It's special code, reserved for Valve's super special servers. The game client doesn't have the ability to mess with the item server code; it can only politely request things from the item server. The item server -- fully under Valve's control -- can simply refuse dumb requests like "give me a golden pan." This is why trading is not impacted by this leak.
The "item server" (a misnomer, as I am about to explain) also handles matchmaking. It actually handles pretty much every other "live service" aspect of the game (parties, time-limited events, etc). So you really need this item server for a lot of what makes TF2 "TF2". You might be able to make changes to the game code and distribute your "own version" of TF2, but it would still need to connect to the actual TF2 backend servers (unless you made your own, which is a big task).
Good God, yes. Unless you don't want to. We're cool. There's a pandemic. It aight.
We here at Marketplace.tf would like to wish you all a merry Smissmas -- and a happy every other hat-themed Winter Holiday as well!
Good tidings are nice, but you know what's nicer? Well, an end to global war. That's a bit too hard for us, but perhaps you'd be interested in some chilly discounts?
This year, we've got three different gifts for you. To redeem the following codes, simply type in the relevant coupon code on the checkout page. Make sure that you redeem these quick: they deactivate at the end of December 25th!
Note that these coupon codes cannot be combined with any other coupons. All codes may be used any amount of times until they deactivate.
Merry Smissmas!
We've been hard at work, and we're proud to announce our latest feature: auctions! Although we can't prove that we invented the concept of auctions (although our media team is hard at work figuring out how to do just that), we'll say it anyways. Guys, we just invented auctions!
To kick it off, how about an auction for a Golden Frying Pan with a $100 starting bid? Check it out!
Just like the real world, auctions are best for items whose price isn't concretely known ahead of time. With that in mind, in the beginning, we're restricting auctions to the following items:
We will, of course, be expanding this list to include more types of items as time goes on. Additionally, we will add support for auctioning items from games other than TF2 soon.
We put a large amount of thought into the pricing structure for auctions, and in the end, we decided that the best solution was to go with what we already know works.
Therefore, auctions have the same 10% commission as any other sale on Marketplace.tf.
Before placing any bids, you'll need to add your phone number to your account. This is to prevent abuse of auctions and provide a safe environment for everyone. We will never spam you or sell your data.
When you place a bid with a card, you will not be charged unless you win. When you win an auction, you will have 48 hours to return to Marketplace.tf and pay for the item you won. Failure to pay within 48 hours will result in a permanent ban from placing further bids.
Additionally, to bid with a credit or debit card, you must add a card to your account that meets our verification requirements:
We understand that these requirements may inconvenience some bidders; unfortunately, these measures are necessary to prevent fraudulent transactions.
Bidding with PayPal will be available in the future.
If you have Wallet Funds on your Marketplace.tf account, which are obtainable either by selling items or by purchase, you may bid with that instead of a card.
When you place a bid with Wallet Funds, we will deduct your maximum bid from your balance immediately. This will be refunded if you are outbid.
If your winning bid is lower than your maximum bid, the difference will be refunded to you at the end of the auction.
Note: if you opt to purchase Wallet Funds to bid with, please be aware that they are NON-REFUNDABLE. For this reason, we do not recommend that you purchase Wallet Funds to place bids.
If you've been paying very careful attention over the past week, you may have picked up on a temporary glitch that caused old crates to produce unusuals 100% of the time. You can read Valve's writeup and solution here.
On Marketplace.tf's side of things, we were lucky enough to have shut down all services about 1 hour into the event, but within that timeframe, some users managed to sell some of these "glitched" unusuals to buy orders made on Marketplace.tf. To that end, we will be refunding in full any buy order filled with a "glitched" unusual. This is about 150 unusual hats that we will be refunding. Some users who sold these unusuals to buy orders have graciously agreed to return what they earned through them, but this is a minority of the unusuals; the majority will be refunded by Marketplace.tf.
While we are not responsible for Valve's mistakes, we could have done more to prepare for such an event. We will be instituting safeguards moving forward to detect similar anomalies, as well as providing safety features for those who create buy orders -- such as the ability to set a limit on the total amount spent by your buy orders within a 24 hour period. We'll let you know when this goes live.
Starting now, Marketplace.tf has full support for Dota 2 items. You can now buy and sell any tradable Dota 2 item on Marketplace.tf: Arcanas, Couriers, Weather Effects, Cosmetics, Player Cards, Wearables, and more. We've put a lot of work into this update, and we think you'll like it.
Welcome! For many, this blog post will be your first interaction with our service. We've spent the past 6 years building the absolute best TF2 cash trading website in the world (we've got seniority: we're literally the pioneers in automated Steam trading), and we're finally extending our reach.
Put simply, Marketplace.tf is the best place to buy and sell Team Fortress 2, and now Dota 2, items for cash. We've delivered over 18 million TF2 items so far, and we're larger now than we've ever been.
Our support for Dota 2 items isn't simply tacked on; we've built a great platform for Dota 2 items. Take a look:
With Dota 2 support released, it's not time for us to rest. In the immediate term, we'll be hard at work reading and acting on your feedback to provide the best experience possible.
Additionally, you can read more about our other plans for the future (including more payment methods, payout options, and more) by clicking here.
Finally, if you're interested in trading CS:GO items, please read this post and provide your feedback.
Enjoy!
If you've seen our latest blog post, you'll know that Dota 2 support is coming to Marketplace.tf soontoday
Some have asked why we chose to add Dota 2 next instead of CS:GO (or both at the same time). We think that Dota 2 traders are currently forced to deal with sub-par cash trading services, and we want to offer a high-quality, tailor-made website that Dota 2 traders will appreciate.
More importantly, there are challenges involved in supporting games like CS:GO, which have tradelocks on items post-trade. In the interest of offering a quality service for everyone, this poses a challenge: we don't want to display items that can't actually be delivered upon purchase, but we also don't want to exacerbate the negative consequences of Valve's decision by forcing sellers to wait 7 days before they have a chance to sell their items. Additionally, we have absolutely no desire or plans to attempt to circumvent these trade delays in any way (we're not trying to emulate a website that rhymes with "Flopshins" here).
If you would like to provide your thoughts, please answer this strawpoll, leave a comment, or let us know on our Discord.
This blog post is meant to give an idea of our current plans for the future, but plans can always change. The order of this list is not intended to represent the order in which these features may ship. This list is not necessarily exhaustive.
Surprise! Soon, you'll be able to buy and sell Dota 2 items on Marketplace.tf.
We've put a significant amount of work into this update, and we're really excited about it. Our goal for any game we support on Marketplace.tf is to provide the best service for that game that we possibly can. If we add support for a game, we don't want it to feel like a tacked-on feature; it should be a first-class citizen amongst the other games we support. For example, we've invested a lot of time in our search functionality, offering features nobody else matches (style and gem filters anyone?), and we think you'll like it.
Expect Dota 2 to be available on Marketplace.tf within 1-2 weeks.
We offer the best TF2 trading platform in the world, and that's what we plan to do for Dota 2 as well.
Nope! Marketplace.tf is doing better than ever in the TF2 trading scene, and we don't intend to slow down any time soon. Our TF2 support will continue to get better, with new features and services specific to TF2 (such as the ability to filter by killstreak effects, coming in this update). Additionally, a fair amount of the work we've done to support Dota 2 allows us to improve the TF2 experience on Marketplace as well.
We're working on supporting a number of new payment methods to better serve our international customers. This includes, but is not limited to:
Think something's missing from this list? Let us know!
Marketplace.tf already offers feeless, instant PayPal payouts for all our users, but we can do more. We're investigating multiple options for providing new payout methods -- specifically ones that better serve our international users -- and we'll share more specific information when we can.
Of course, PayPal payouts won't be going away with these changes.
We're working on a brand new help center that will guide our users through all of Marketplace.tf's features and services.
It will contain a number of neatly-categorized, searchable articles that go into specific detail on the usage of the website. The creation of these articles represents a fair amount of work on our end, but will serve to greatly improve user experience. We hope you find it useful!
Although we're not yet ready to talk about it, you can expect Marketplace.tf to continue to innovate in unexpected ways. We're extremely excited for what's to come, and can't wait to show you what we mean. Big plans.