Exploit in Steam that Allowed Hackers to Add Free Money to their Accounts Has Been Fixed

Valve has rewarded a security researcher will $7,500 for reporting a major vulnerability in Steam’s payment system. This flaw allowed hackers to add an unlimited amount of funds to their Steam wallets. The store refused to disclose whether anyone was able to actually able to exploit this flaw to add money to their wallets.

Researcher “drbrix” reported the exploit that allowed hackers to generate an unlimited amount of funds in their Steam wallets. The bug would allow players with “amount100” in their Steam registered email address to intercept payments via Smart2Pay.

After registering the account, users could continue to add funds to their Steam wallets with Smart2Pay as the payment method, free of charge. The selected amount could have been as little as $1 as attackers then intercepted the POST (data request to the server) request and manipulated it to change the actual amount.

Smart2Pay has not yet commented on the exploit, but a Valve spokesperson said the report has enabled the platform to work with the payment provider to resolve the issue without impacting customers.

Source: Hackerone (Via:

Areej Syed

Processors, PC gaming, and the past. I have written about computer hardware for over seven years with over 5000 published articles. I started during engineering college and haven't stopped since. On the side, I play RPGs like Baldur's Gate, Dragon Age, Mass Effect, Divinity, and Fallout. Contact:
Back to top button