Is buying an OSRS account safe in 2026?

Mostly yes. It's safer than buying gold, but it's not zero-risk and the rules tilted against buyers in September 2025. This post covers what changed, what Jagex actually bans for (and what they do not), what I do on the seller side to keep risk low, and what you should do in the first hour after a purchase to keep the new account clean.

What changed in September 2025

Jagex changed how they treat account-side buying in September 2025. For most of OSRS's history they went easy on buyers. The escalation path used to be a warning, then a temporary ban, with permanent reserved for repeat offenders. That is gone now.

On 16 September 2025 they posted A Message About Real World Trading and said it plainly. Their words: "historically we've treated the buyers more leniently than the sellers when issuing penalties for real world trading." Then the pivot: "our agents will issue bans, temporary or permanent depending on the situation, even for first offenses" and they would be "confiscating items from the offenders."

Buyers who came back after a 6-day ban found their gold gone and their imbued items reverted. One commenter on the follow-up r/2007scape thread cited a 1.2b bank reduced to 80m. Item-service buyers (fire cape, fighter torso) got temp bans with the items removed.

A few months earlier in April 2025, Jagex also expanded the definition of RWT itself to cover "buying or selling in the real world, for real money or in exchange for anything of value, things that relate to Jagex accounts." Out-of-game promotion of gold sites in exchange for gold is now RWT. So is a Discord-server giveaway in exchange for an in-game item.

Enforcement scale has gone up too. As of April 2026 Jagex reported 9.7 million OSRS macro bans in the prior twelve months and 165,200 RWT bans in the same period. March 2026 alone hit 2.25 million macro bans. The monthly numbers are aggregated at aggrgtr.com.

If anyone tells you Jagex does not actually enforce in 2026, they have not been paying attention.

Buying an account is not the same as buying gold

Buying an account does not generate the in-game evidence trail that buying gold does. This is the distinction most safety articles paper over.

Buying gold leaves a transaction record. You receive GP from another player. If that player is flagged as a known RWTer, Jagex has a trade they can act on. There is a r/2007scape thread from December 2025 where a buyer escalated their ban to a European consumer-protection agency, Jagex disclosed the evidence, and the basis was a single trade from July: "the ban is based on a single trade that occurred on 15 July 2025, where I received 50M GP from a player they describe, and I quote, as a 'known real-world trader.'" The ban arrived two months after the trade. Confiscation included. That two-month gap is the outlier, not the norm. Most buyer-side ban echoes land within 2 days of the trade that caused them, up to a week at the far end. Multi-month delays tend to happen when Jagex is targeting a wider operation by email domain rather than acting on a single trade.

Buying an account is structurally different. You are not receiving GP from anyone. You are logging into an account that was not on your radar yesterday. There is no in-game transfer for Jagex to look at. The risk shape is different.

I have been on the other side of an RWT ban once, fwiw. A few levels short of a second max cape, permbanned for selling 2b. It stings. The buyer-side version of that lands harder in 2026 than it did then, but the trigger for me was something I actively did in-game, not anything about how the account was created. Worth keeping in mind: the risk isn't the purchase, it's what happens after.

What can actually go wrong with an account purchase

Three failure modes, ranked by how often I see them.

1. The seller recovers the account after you pay

The biggest single risk in the niche has nothing to do with Jagex. A seller hands you credentials, takes payment, then uses the original email or Authenticator they kept to recover the account back. Common on Sythe scam-report threads with titles like "Scammed by [seller], account recovery after purchase." The seller is the threat, not the game.

Vouches help but they are a floor, not a ceiling. Scammers buy donor status, collect a handful of legitimate vouches, then run a bulk recovery scam across multiple buyers in a single weekend. The vouch threshold rules out throwaways. It does not rule out long-cons.

What actually helps: automated delivery (no human in the loop who can withhold), original credentials that stay on a buyer-facing order page (so the credentials are not lost when you change the live ones), and a seller running their own infrastructure they would lose by scamming once.

2. Delayed Jagex ban for the account's prior history

Most accounts on the legit market are clean. Some aren't. The buyer cannot easily tell, and Jagex's ban decisions for prior offences can land weeks or months after a sale. This is the gap a replacement guarantee is supposed to cover.

If a seller's answer to "what happens if it gets banned" is "trust me," that is not a policy, that is a vibe. Get the terms in writing somewhere indexable. My version is on the FAQ page. The short version: I replace accounts that were banned for causes that pre-date your delivery date. If you break the rules and the account is banned after delivery, that's on you. There is no other replacement path.

3. You trigger an RWT flag yourself after purchase

The trap a lot of buyers do not see. Even on a clean account, post-purchase behaviour can trip a flag. The classic case is accepting a large GP transfer from a random player who turns out to be a known RWTer. The 50M-from-known-trader thread above is exactly this. The new owner did nothing wrong on the buying side. The post-purchase trade was enough.

Treat the account like it is under probation for the first month. The two things to actively avoid are accepting gifts from random players (yes, even from people who seem helpful) and running gold-swap services on it. Either can trip a flag even when the account itself is spotless.

What I do on the seller side

Briefly. A buyer can verify all of this independently.

• Every account is sourced from Eternal Accounts and further trained by me. I do not resell from random Discord sellers. The supply chain is short and the source is one operator. More context on this is on the about page.
• Automated delivery on every order. Credentials go from Sell.app straight to your order page and the receipt email. There is no "I will DM you later" step that creates a withhold window.
• Original credentials stay retrievable on your /orders page indefinitely. Fetched live from Sell.app, never stored on my side. If you change the live account credentials for safety, the original delivery is still on file for any later replacement claim.
• Replacement guarantee for accounts banned for causes that pre-date your delivery date. Anything after delivery is on the buyer. Full terms on the FAQ page.
• 4,000+ positive reviews across Eldorado, Sythe, and Discord since 2018. The aggregate is on the vouches page. Zero marketplace bans across that run.
• Crypto checkout that does not ask for buyer ID, payment-processor receipt, or anything else that ties an OSRS account to your real name. Cards via Stripe still work, just not the default.

What to do in the first hour after you buy

The first hour after you take ownership is where buyer-side risk is highest. Run through this on every account, regardless of who you bought from.

1. Change the recovery email to one you own. Ideally a fresh mailbox with 2FA on the email itself. The email is the account's actual key: if a hijacker gets to the email, they can reset everything else. Set this first.
2. Change the password. Unique, strong, not used anywhere else, not in any password manager that has already been breached.
3. Add the RuneScape Authenticator. Save the backup codes offline somewhere you will still have access to in a year.
4. Set a bank PIN with a long delay. A 7-day pending PIN means that if anyone hijacks the account, they have to wait out a full week before they can touch the bank. Longer than most attackers' patience window.
5. Do not accept gifts from random players for at least a month. The single most-overlooked rule. The trade record is what gets flagged, not your intentions.

One note on "no registered email" listings (mostly relevant to Legacy-format accounts where no email was ever set): it cuts both ways. The upside is that the seller cannot recover via the original email. The downside is that if Jagex ever locks the account, recovery is hit-and-miss. Sometimes you can register the original email on a fresh mailbox you control and the password-reset email lands there. Sometimes Jagex just doesn't send the unlock email at all and there's no further recourse. Sellers who push "no email" as their main feature are often using it to dodge accountability rather than to protect you.

The replacement-guarantee tension

A nuance worth being upfront about. My replacement policy needs the original credentials unchanged for verification, because that is how I prove I sold you the account that got banned. The first-hour playbook above says to change everything immediately. Both are true, and they don't actually conflict.

The original credentials I delivered to you stay on your /orders page on this site forever, fetched live from Sell.app. You can change the live email, password, and Authenticator on the account, harden it for actual use, and still have the original delivery on file if you ever need to claim a replacement. Bookmark your order page, keep the email I sent receipts to, do not lose access to the verified email on this site. That covers the replacement path.

Quick pre-purchase checklist

If you are buying from any seller, not just from me, run through this:

None of these on their own prove a seller is safe. All of them together raise the bar enough that the scam-recover-bulk-buyers pattern stops being viable.

If you actually want to buy something

If you have read this far you probably already have a sense of whether you trust the source. The accounts in stock right now are on the home page. Filter by what fits, click buy, the delivery is automated. If anything looks off afterwards, my Discord is the support surface and I answer my own tickets.