After being hit with a $6 million hack, cs.money is paying the price on behalf of its users.
In August of 2022, Counter-Strike: Global Offensive skin market cs.money announced that it had been hit with a hack snatching of $6 million in digital assets. After identifying the thief and recovering what it could, there is still around $2 million worth of skins unable to be recovered. How cs.money responds to this scandal will set the tone for the entire third-party CSGO market.
WIN.gg recently spoke with Timofey Sobolevsky, the chief communications officer of cs.money’s parent company EX CORP. He was able to explain some of the details behind the hack and how the company plans to compensate users for millions in stolen skins.
It was reported that around $6 million in skins were stolen as a result of the hack. Did the hackers specifically target high-value skins or was it random?
Timofey Sobolevsky: The hacker had a good understanding of the subject. While sending inexpensive skins to public figures like streamers and traders, he tried to keep a lot of rare and very expensive items worth millions of dollars for himself. Clearly, he knew what he was doing and understood the skins market damn well.
cs.money was able to retrieve some skins immediately following the hack, but not all. Can you estimate the total value of the skins to be compensated?
Actually, it took some time for us to find the hacker and gain control over the accounts he used to transfer stolen items. Unfortunately, some of them were already blocked, and we can’t transfer skins from them back to our customers and us. The evaluation of these skins is almost done, and the total amount to be compensated will be close to $2 million in USD.
How does cs.money plan to compensate sellers whose skins weren’t able to be recovered?
There will be two processes of compensation for the stolen items that we were not able to return. Most of the skins will be evaluated by us with the help of market research. In other words, we will analyze how much an item costs and will reimburse its owner for the same price.
A large chunk of exceptionally rare skins will be evaluated by a group of independent traders that we invited. They will assign fair prices for these items, and we will do the reimbursement based on their valuation. While having this evaluation in mind, we will start the reallocation of our income from cs.money operations, excluding marketing, salaries, and operational costs, to compensate for all the losses of our customers.
Unique skins like souvenir Dragon Lores and Dopplers can be notoriously difficult to price check. How is cs.money estimating the value of such items?
This is why we have invited well-known and trusted traders to help us with the evaluation of skins. With their help, we will be able to assign each item a fair price based on their knowledge of the market and algorithms they use in their business.
From early reports, skins transfers were being done over the Steam network. Did the hack involve cs.money’s accounts getting stolen?
The hacker got access to MA files of our accounts on Steam that we used to store skins. With these files, he was able to gain full access and transfer the items to his accounts.
How has the website upgraded its security since then?
Since we could find the hacker, we know exactly how he got into our system and have already closed the vulnerability. The problem was in the zero-day exploit in one of the open-source products we used in cs.money.
In addition to that, we’ve started a long-term project aimed to review all of our operations and make them more secure and avoid things like that in the future.