A hacker recently discovered a devastating exploit. With a simple trick, it was possible to make Steam multiply the value of money in the Steam wallet. He reported the exploit and received a relatively small reward.
What was this exploit? A bug in the Steam software system allowed a form of money multiplication. Anyone who had the term “amount100” in their Steam user name could intercept payments made via “Smart2Pay” on the way to the server and artificially inflate them. This way, one could easily turn one dollar into 100 dollars that then appeared legitimately in the Steam wallet.
With that, one could buy all sorts of games on Steam and resell them for money laundering. Criminals could have brought the entire economic system of Valve’s distribution platform to a standstill.
Hacker receives relatively small reward
What was the reward for honesty? The hacker, who goes by the nickname Drbrix, found the exploit, but instead of using it for personal gain, he posted the whole issue with detailed examples on the anti-hacking site HackerOne.
There, exploits and other security vulnerabilities in software can be published to support the fight against criminal hackers and cheaters. Ironically, the exploit was initially classified as “medium” by Drbrix himself, but a Valve employee quickly elevated the status to “critical” since it was a truly harmful exploit.
Thanks to Drbrix’s good documentation, Valve was able to fix the issue quickly, and as a thank you, it paid Drbrix a bounty of $7,500 (€6,362.89).
While this is a nice sum, it’s quite small considering how much money one could have made by abusing the exploit. In 2020, Riot even had job offers for finding exploits in Valorant.