Hacker receives US$7,500 bounty for reporting exploit that allowed him to add unlimited funds to his Steam wallet
A resourceful hacker has discovered an astounding exploit which allowed him to generate an unlimited amount of funds for his Steam wallet without paying the full price for it. The manipulation of Steam's payment process turned out rather simple. In his post on Hacker One, the security researcher explained that all he needed was a specific email address that had to be registered with the Steam account.
To put it simply, the email address only needed to include the term "amount5000". The number after the word "amount" indicates the amount of money that would be deposited into the wallet of the respective Steam account. After the email address is registered, a small US$1 payment had to be initiated to receive the amount of funds that is specified in the email address. The hacker has successfully executed this process only to prove his theoretical elaboration.
The exploit supposedly worked with payment methods that use the smart2pay system. Needless to say, Valve has since fixed the critical security flaw and expressed its gratitude towards the hacker with a bounty payment of US$7,500. This happy ending story illustrates that honest behavior can pay off, even online. After all, the hacker could have decided to buy thousands of game keys with his almost free Steam wallet funds.