Hacker DRbrix earned $7,500 from Valve after discovering a security flaw in Steam’s payment methods. He found a way to add unlimited funds by intercepting the connection of any Smart2Pay method, adding funds of any amount while paying only the minimum ($1).
Apparently this security flaw had been there for several years and only now has someone discovered it; the person who found it was also honest and reported the situation to Valve. Of course he did it for a reward, but in the end it turned out better both for him and for Valve’s security. It is unknown whether this flaw could also have caused problems for users.
One less exploit
DRbrix published how to perform this “trick” on HackerOne, where he received a response from Jonp, a user who represents Valve, thanking him for the warning. Shortly after, this representative reported that the matter had been resolved and that it was no longer possible to modify the request to set a desired amount.
Steam is one of the largest platforms on the market, and it is surprising that such a bug stayed hidden in plain sight like this. Luckily, they reacted quickly and, according to their own statement, no developer or player was affected by the presence of this bug.
If you are interested in the technical details, you can read here how the connection was intercepted to pay just $1 for any desired amount.