Steam has solved a major security problem that allowed players to deposit counterfeit funds into their virtual wallets and fill them with unlimited funds, and has rewarded the security expert who found the bug with a tidy $7,500 (£5,400) for discovering the hole in its system. The exploit used to obtain unlimited Steam wallet funds has been fixed by Valve, and the company has awarded the money to security researcher HackerOne.
With the help of security researchers, Valve discovered an exploit that allowed a person to forge the value of a deposit into their Steam wallet. For example, a deposit of one dollar became a claim to a deposit of 100 dollars.
Using a link, the potential attacker can then deposit money into his wallet as normal and select payment with Smart2Pay.
At this point, we do not know who could have used the exploit, but Valve has been notified and has patched it. The bug in Smart2Pay has been fixed, and Valve has confirmed that no user went on to use the exploit and that the service is now closed to those who exploited it. Valve and Drbrix did not know at the time whether anyone had been able to exploit the bug successfully, but they were informed of the solution by Valve.
A programmer calling himself Drbrix discovered that Steam users could deposit unlimited amounts of money into their Steam wallets via an exploit linked to the Dutch payment platform Smart2Pay. On August 9th, the hacker Drbrix alerted Valve to a Steam Wallet exploit, which involved changing your email address and intercepting transactions using the Smart2Pay payment method. Together with HackerOne, researchers from Drbrix reported that they had found an exploit that allowed hackers to generate funds in Steam's virtual wallet indefinitely.
The person who informed Valve about the exploit received a $7,500 bounty for his report and wrote that this was helpful in identifying a real business risk. A Valve employee named Jonp thanked the users of HackerOne and Drbrix for notifying Valve and explained that Valve had validated their report and taken steps to fix the Steam Wallet exploit, which involved changing email addresses and intercepting transactions using the Smart2Pay payment method.
Drbrix was invited to try the exploit first, and it was also tried by Valve and Jonp, who awarded Drbrix a $7,500 (£5,400) bounty and upgraded the problem to medium-critical. The $7,500 bounty is a large sum, but it is justified when compared to the potential financial damage that the exploit could have caused Valve. Valve and Jonp have changed the severity rating to "critical" to reflect the potential cost of applying the bounty to Valve. Jonp noted that he raised the rating to critical in the hope of hearing from researchers about the exploit.
Had the error gone unnoticed, it could have caused irreparable damage to the Steam Wallet of the giant online gaming marketplace, which account holders use to save money and buy games. The bug was fixed after it was reported by a third-party security researcher, but it is unknown who could have used it.