The trading platform for CS:GO got hacked by threat actors

August 19, 2022
Trading Platform CS GO CS Money Hacked Threat Actors Gaming

One of the largest trading platforms for Counter Strike: Global Offensive (CS:GO) called CS[.]Money has taken down its website temporarily after a cyberattack against it occurred. The hackers managed to loot over 20,000 items from the trading platform that are worth a whopping $6 million.

Counter Strike is one of the most famous first-person shooter video games that became free to play five years ago. As of now, it still has solid competitive play, especially in esports, worldwide.

The game supports a virtual economy with weapon skins classified in their rarity, which resulted in the development of the trading site. The website used the Steamworks API to enable players to trade skins with each other.

 

The biggest trading platform that CS:GO supported has collapsed significantly.

 

CS[.]MONEY is one of the biggest trading websites supported by CS:GO that features more than a thousand unique skins for 53 weapons and manages a total asset that reaches $16 million. However, the cyberattack incident dropped the revenue to about $10 million.

The trading platform is still under restoration and has entered its third day of operation shut down. Unfortunately, the impacted users still have not recovered their stolen items.

A Twitter post from the platform stated that it was agreed among other trading sites to block the 20,000 stolen items, preventing the threat actors from selling them.

According to CS[.]MONEY’s head of public relations, the attackers gained access to the MA files used by gamers for Steam authorisation. Subsequently, the adversaries took over 100 bot accounts, including the skins stored by the service, and conducted over a thousand transactions that depleted the items in their accounts.

Initially, the threat actors distributed the skins to their profiles. However, as time progressed, the adversaries executed random transactions dropping items to well-known traders, bloggers, and casual users unrelated to the illegal activity.

Many researchers believe that the distribution of the stolen items to different users is an attempt by the hackers to hide their tracks and make attribution harder.

Another attempt to deceive CS[.]MONEY’s response team was to develop numerous fake messages that mention various third-party trading platforms, to obfuscate the problem source.

The trading platform then detected a decrease in item count on the service and received several user reports regarding the suspicious exchange offers. Fortunately, CS: MONEY immediately acted to obstruct the attack, but it had already done significant damage before they took it down.

About the author

Leave a Reply