Over 1.6 MILLION USD STOLEN from CSmoney
Topic: The BIGGEST HACK in CS:GO history - CSmoney got hacked
Yesterday, a horror scenario for every marketplace with bot inventories became reality. CSmoney fell victim to the biggest website hack we have ever seen in CS:GO history! The total damage appears to be over 1.6 million USD, and the hacker or hackers had a moderately effective plan for hiding their activity.
Everything that is known so far, plus a full summary of what happened, follows in this article. Enjoy reading, and although CSmoney is surely not the most liked marketplace out there, we hope for them and for every affected user that the situation will somehow get resolved.
Short general explanation
There are different types of marketplaces. On CSmoney, you need to send the skin to one of their bots (Steam accounts that belong to the company and send out or accept skins when an item gets listed or sold) in order to sell skins. As a result, CSmoney and others like Skinbaron and Skinport hold a huge inventory of user items on their bots.
The advantage for the companies is that it is very tedious for users to unlist those items again, as they would need to wait out the trade ban twice. The big disadvantage, which came into play this time, is that they hold skins worth millions, both user skins and their own, on accounts that are never 100% safe from being hacked.
On the other hand, there are marketplaces like Buff163, GamerPay, Skinbid, ... where you send skins directly from your inventory when a sale happens. Those marketplaces do not have an inventory or trading bots at all; they just function as a marketplace and bring buyers and sellers together.
The beginning ...
Around 4 a.m., the first reports came out that CSmoney apparently had a major exploit/hack/glitch (as zipeL called it) and was sending out items for "free" from its bot accounts to different traders with large inventories. Big traders like zipeL, Rambofight, TDM_Heyzeus, Anomaly, and Gergely Szabo received trade offers from different CSmoney trade bots. In the beginning, it was very unclear how catastrophic the situation really was...
The big bluff
The hacker had a well-thought-out strategy and exit plan. Seemingly, the only purpose of sending out items to the biggest traders, who actually seem somewhat hand-selected by someone in the Twitter community (own opinion, no proof), was to distract from the hacker's own accounts that items were sent to. So far, 55 of these "hacker" accounts involved in the CSmoney hack have been found by ArrrowCSGO, ChinchillaisGod, Rambofight, and 2thyTV and published. Here is a spreadsheet with all the accounts and information: docs.google.com/spreadsheets/
Moderately well-thought-out execution
In theory, this bluff was extremely well thought out. All the scam accounts have one thing in common: they are designed to look like cash traders, and all have similar names along the lines of "XXX buying for XX% Buff, CSmoney, ...". The idea behind this was probably that anyone looking at all the accounts that items were sent to could not really tell which belong to big traders and which to the hacker.
The one thing the hacker did not really think of was that all of the big traders mentioned above, who were included in the bluff, are fairly well connected and managed to organize themselves within hours. By including such big names in the scene, he also got some of the biggest brains and most skilled people in the game to research the situation. As a result, the seemingly well-planned maneuver ended with people like Arrow finding all of the accounts the hacker owns and reporting all the information to CSmoney within hours.
What will happen next?
With all the information collected within the first day and probably even more to come, Valve should be able to "undo" the trades and just solve the problem with that, right? We have already seen them doing exactly that in the HFB situation, where one of the biggest collectors in CS:GO history got scammed/hacked.
There is one decisive difference between those two situations. HFB was an individual who, according to rumors, fell victim to a Steam exploit, while CSmoney is a third-party marketplace that is accepted but not supported by Valve's guidelines. With that, it seems quite unlikely that they will support CSmoney by undoing the trades! According to zipeL, it is also very unlikely that they will undo the trades, although he said "I can guarantee you they will minimum ban some of these accounts that got skins" and also said: "Traders who got skins in yesterday's exploit DM me. If Valve decides to step in to revert/ban accounts, you will not want to be on the wrong side of that."
The big question: What will happen to the community items, and how will CSmoney handle the pricing? CSmoney is not really known for having the best pricing when it comes to rare and special items. It would be horrible if they just refunded the price calculated by their algorithm!
CSmoney was not too active after the hack. On their Twitter page, they just stated: "CSmoney will be down temporarily after being targeted by a hacking attack this night. We will fix the issue and do our best to restore the normal functioning of the website."
It remains to be seen whether Valve will intervene and maybe undo trades or ban the hackers' accounts; at least the first (undoing trades) seems quite unlikely for now. If the items get banned, many high-tier and rare items would be banned and thus lost forever, and we would need to see how CSmoney compensates its users for the losses.
For now, that is all the information we could collect exactly one day after the CSmoney hack happened! We will inform you as soon as there are new updates on the situation. We wish everyone involved nothing but the best and hope that everything will get resolved soon! CSmoney also tweeted that people who have questions or need help can reach out to them via email@example.com!
Date: 14.08.2022 ; 11:56 a.m. CET
Further Updates on the CSMoney Hack
There is some news regarding the CSMoney hack that we would like to share with you three days after the hack first became public. CSMoney stated that skins worth around 6 Million USD have been stolen, around 1/3 of which are from users.
The hack happened because hackers gained access to CSMoney's Mobile Authenticator files, as stated by their Social Media Manager: "We have established that the hack happened due to hackers gaining access to our MA (Mobile Authenticator) files, which are used for Steam authorization. This is why our attempts to reset authorization were futile – the thieves had direct access to the files, which allowed them to control our bots."
Together with BitSkins and other helpers, CSMoney managed to identify the skin IDs and hacker accounts, and with the help of Steam many of these have already been Community Banned and are thus locked on the accounts. We are talking about 19.000+ skins.
Cantry ran the list of stolen skins through his pricing algorithm and reported that the stolen amount seems to be around 6.3 Million USD cash value!
Date: 16.08.2022; 8:57 p.m. CET