so what I think the problem is, or how I understand it, is that the person with the stolen CC info buys keys, puts it on reseller sites, and then gets laundered money in return

But the people who had their CC info stolen obviously contact their bank, or their bank does it for them, and tells the marketplace that originally sold the keys "hey those were fraudulent transactions, we need our money back" and get some kind of refund, while the keys stay valid for whatever reason. This can have a negative impact on the developer because not only do they need to return previously made profit, but there is something about people who get X amount of chargebacks that they get penalized for, so its basically like giving the devs a fee for having their game stolen (an actual lost sale), so they lose money on two fronts.

Idk how accurate this information is, but this article basically lays it out as I understand it

When keys are either stolen or bought illegally, the developer in question is always the one who is hurt the most. For transactions that get chargeback, the developer is out the money in the transaction.

[–] carl_the_grackle 1 points 1 year ago

Not if you buy a key bought with a stolen card- the cardholder does a charge back and the g2a seller still gets their money because it isn't their card.