The bug has since been patched by Valve.

Bug Bounty Hunter Rewarded For Spotting Unlimited Funds Steam Exploit

A security researcher has been awarded $7500 for reporting a bug to Valve that allowed players to add free credits to their Steam wallet, according to The Daily Swig.

Steam Big Picture trailer
Credit: Valve

Reported via HackerOne, the security expert, drbrix, states that the vulnerability “, allows [an] attacker to generate steam wallet balance” [via Eurogamer]. Essentially, the now patched bug could allow users to artificially inflate payments made via Smart2Pay. Pretty sneaky!

In response to the ethical hacker’s report, Valve praised drbrix while outlining why the bug could have been a huge issue for the platform:


“This was clearly written and helpful in identifying a real business risk. We have changed the severity assessment to Critical, reflecting the potential cost to the business, and applied a bounty accordingly. We hope to hear more from you in the future.”

For context, the $7500 reward granted to dribrix by Valve was done via HackerOne’s bounty system. Basically, the reporting platform allows vigilante hackers to connect with companies and developers in a bid to identify security exploits and bugs. Once an issue has been reported, the relevant company is able to tip the hacker for their services.

Valve logo
Credit: Valve

Valve hasn’t specified whether not anyone was able to take advantage of the exploit. However, thanks to drbrix’s efforts, the bug has now been patched. While Valve was quick to resolve the issue, it wouldn’t have been possible without the security researcher’s report. Ultimately, this incident is a testament to the power of HackerOne as a reporting platform, as well as the “bounty” system that it provides.

Have you ever spotted a Steam bug or exploit? Join the conversation on our social media channels. You can also check out HackerOne for more information on the platform and the services it provides.


Shop With GameByte!

Don’t forget you can find great games and more on the GameByte Shop! Our store is stocked up with the latest games, merch and accessories. In fact, we might even have a new-gen console or two! Sign up to our newsletter to be notified of our console drops, deals and more. However, please note the GameByte Shop is available for UK customers only.

Featured Image Credit: Valve