Valve awards CSGO hacker thousands for finding in-game exploits

Alan Bernal

The Counter-Strike: Global Offensive community were shocked to see Valve payout a major bounty to a hacker for finding exploits in their game.

Companies throughout major markets will routinely enlist what are called “white hat hackers” or “ethical hackers” to rummage through their backend systems to find major flaws or exploits which they would then report.

The practice makes it easier for developers to close any potential loopholes or unintended effect on their product that could pose a threat if a malicious hacker or otherwise happens to come across the vulnerability.

One such ethical hacker was surprised to see his work being blasted on the GlobalOffensive subreddit after helping Valve squash bugs they found in the game.

“This is why you report CS:GO Bugs instead of abuse them,” Twitter user ‘DonHaci’ said. “My man 2Eggsss got awarded a total of $11250 in bounties from Valve via HackerOne for reporting critical bugs, which have been patched and solved.”

The hacker named ‘2Eggs’ helped Valve on two separate occasions with major payouts of $9,750 and $1,500 for their services in reporting the bugs.

The exact nature of the bugs 2Eggs found and reported don’t seem to be publicly disclosed, which would make sense seeing as they’re probably a vulnerability that Valve might not want to let general audiences know about.

Many onlookers were stunned to see Valve actually pay people for finding exploits, but the company actually has a long list of what’s in their “scope” for exploits as well as a huge backlog of previous disbursements to hackers.

While there’s apparently a lot of money to be made looking for bugs in Valve’s systems, it’s not a simple task to take on.

In a March 15 public case, Valve paid out $18,000 to a group of hackers who gave a thoroughly detailed report on an issue with a ‘Severity’ level of 9.6 out of what seems to be a 10-rated scale.

An image attached to the report that yielded $18,000. There’s a lot that goes on when breaking down exploits.
600

The report is rife with detailed explanations of how to replicate the hack, where in the code to find it, the impact it could have if “an attacker” found it, and a lot more.

It’s safe to assume Valve likes to keep its products, including CSGO, clean from harmful exploits – making the work of 2Eggs and others incredibly appreciated by fans.