Wholesalers get them from the devs and publishers, like I said. But they’re not the key sites.
Key Resell Sites, like G2A, don’t often get them from wholesalers. They operate like eBay. The sellers buy them from whatever legitimate source they can use their stolen credit card info at, and then they slap their essentially free key on the Resell Site for pure profit. Some sellers on sites like G2A might be legitimate, buying keys from wholesalers, but too often they aren’t. With a site system like that it’s near impossible to police for stolen goods, as there is no way to verify a key’s origin. Sites like Swappa, which facilitate selling mobile devices, can use things like a phone’s IMEI to check if it’s marked stolen or not. But Valve, for example, provides no way to check a key without redeeming it, and hence there’s also no mechanism for anybody to report a stolen key short of telling the dev/publisher and having them revoke the key which has likely already been used by some unwitting consumer.
Wholesalers get them from the devs and publishers, like I said. But they’re not the key sites.
Key Resell Sites, like G2A, don’t often get them from wholesalers. They operate like eBay. The sellers buy them from whatever legitimate source they can use their stolen credit card info at, and then they slap their essentially free key on the Resell Site for pure profit. Some sellers on sites like G2A might be legitimate, buying keys from wholesalers, but too often they aren’t. With a site system like that it’s near impossible to police for stolen goods, as there is no way to verify a key’s origin. Sites like Swappa, which facilitate selling mobile devices, can use things like a phone’s IMEI to check if it’s marked stolen or not. But Valve, for example, provides no way to check a key without redeeming it, and hence there’s also no mechanism for anybody to report a stolen key short of telling the dev/publisher and having them revoke the key which has likely already been used by some unwitting consumer.