Valve Pays Researcher $7,500 For Finding Unlimited Steam Wallet Bug

/ 10 months ago
steam logo mds

As you may be aware, many online companies offer bug bounty programs to people known as white hat hackers. The basic premise of this is that although they do their own in-house security testing (or at least they should), it’s often far more cost-effective and successful to simply open to the doors to regular people out there with the trade-off that if they do find a serious problem, a payout will be issued. – Well, following a report via Eurogamer, it would appear that Valve has just paid one such person a pretty substantial $7,500 reward for finding a confirmed glitch within Steam that could’ve potentially allowed people to fill up their ‘wallets’ with seemingly unlimited amounts of currency.

Valve Pays $7,500 in Successful Bug Bounty Claim

Spotted by a user known as “drbrix” back in August last year they submitted a ‘bug bounty’ claim to Valve, claiming that they’d found a means of adding practically unlimited funds to a Steam Wallet by simply utilising a bug within the email system. Now, admittedly, it’s a little more complicated than that, but the short version is that it was proposed that people with “amount100” in their Steam account email address could successfully intercept payments made to the associated wallet (made via Smart2Pay) and then artificially inflate them. – With this, it would be possible to basically add 10 dollars worth of credit and fiddle the numbers to change this to $1,000.

Upon the report, Valve investigated the matter themselves and confirmed that this exploit did indeed exist. It has, therefore, since been fixed. Therefore, to reward “drbrix” for their efforts, they have just cut them a cheque for $7,500. Not without a bit of controversy from the community, though.

steam games valve

How Much is Enough?

The key factor in the controversy here is that if “drbrix” had made the glitch a matter of public knowledge, rather than reporting it as they did, this could’ve potentially cost Valve hundreds and thousands of dollars before they found a means of fixing it. Let alone discovering what was happening in the first place. – As such, many within both the gaming and ‘white hat hacking’ community are questioning whether $7,500 was really a payment sufficient to reward the merits of the discovery.

Microsoft, for example, regularly issues huge (often 6 figure) payouts for people who discover problems with their software/hardware. While this is, of course, based on the severity of the exploit, the bottom line here is that if “drbrix” was a significantly less ethical person, this bug in the Steam Wallet payment system could’ve cost Valve a colossal amount of money that it may have taken them years to detect.

So, I guess it boils down to a matter of opinion, but in a nutshell, many think the $7,500 payment was a bit stingy of Valve. – But what do you think? – Let us know in the comments!

Topics: , , , , , , , , ,


By supporting eTeknix, you help us grow and continue to bring you the latest newsreviews, and competitions. Follow us on FacebookTwitter and Instagram to keep up with the latest technology news, reviews and more. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

Looking for more exciting features on the latest technology? Check out our What We Know So Far section or our Fun Reads for some interesting original features.

eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram
  • Be Social With eTeknix

    Facebook Twitter YouTube Instagram Reddit RSS Discord Patreon TikTok Twitch
  • Features

Send this to a friend