A loot box is a paid game item that gives a randomized reward instead of a known item in advance. The player pays first, then receives an uncertain outcome such as cosmetic items, upgrades, or currency. Because the value is hidden until after payment, loot boxes sit at the intersection of game design, consumer protection, and security.
In cyber security, loot boxes matter because they create an attack surface around payments, accounts, and trust. Attackers may abuse stolen cards, hijacked accounts, or automated bots to make unauthorized purchases. Defenders look for fraud patterns, add purchase limits, require strong account protection, and provide parental controls and clear odds disclosures. The core security issue is not the reward itself, but the combination of randomness, real money, and online account systems.



