CS.MONEY, one of the largest platforms for trading CS:GO skins, has taken its website offline after a cyberattack allowed hackers to loot 20,000 items worth approximately $6,000,000.
CS:GO (Counter-Strike: Global Offensive) is the fourth version of the immensely popular multiplayer first-person shooter that became free-to-play in 2018, maintaining the strong competitive play of the series.
It supports a vibrant virtual economy with weapon skins of varying rarity and desirability, which led to the creation of trading sites that use the Steamworks API to allow players to trade skins with each other.
CS.MONEY is one of the largest trading sites of this kind, featuring 1,696 unique skins for 53 weapons and managing a total asset worth of $16,500,000, dropping to $10,500,000 after the attack.
The platform is still restoring its services and has entered the third day of its extended outage, while the impacted users still haven’t recovered their stolen items.
Yesterday, CS.MONEY announced on Twitter that it was agreed among other trading platforms to block trading of the 20,000 stolen items, preventing the hackers from selling them on other CS:GO trading platforms.
How the attack happened
According to a post by Timofey Sobolevky, CS.MONEY’s head of public relations, the hackers somehow gained access to Mobile Authenticator (MA) files used for Steam authorization.
Next, the threat actors assumed control of 100 bot accounts containing the skins held by the service and conducted about a thousand transactions that siphoned the items to their own accounts.
Initially, the attackers sent the skins to their profiles, but after a while, they performed random transactions dropping items to ordinary users, renowned traders, and bloggers unrelated to the attack.
This was likely a poor attempt to hide their tracks and make attribution harder by involving more people in the heist.
Another attempt to trick the platform’s response team was to generate many fake messages mentioning various 3rd-party trading platforms, to obfuscate the source of the problem.
After the platform detected the sharp decrease in item count on the service and received multiple user reports about suspicious exchange offers, CS:MONEY took action to stop the attack but not before $6,000,000 worth of skins had been snatched.
“We will prioritize returning these and compensating the users once we have restored CS.MONEY to a fully-functioning state,” writes Sobolevky.
“All the skins that have been transferred are in trade-lock now, so they couldn’t have been moved further, and we hope to be able to get these back.”
It’s worth noting that Valve, the owner of Steam, can reverse the item transfers if it decides to, but at this time, it’s unknown if the gaming giant is planning to intervene as they have done in the past.
BleepingComputer contacted Valve to ask if they would help with this issue but has not heard back at this time.