Welcome to Mobilarian Forum - Official Symbianize forum.

Join us now to get access to all our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, and so, so much more. It's also quick and totally free, so what are you waiting for?

PayPal Loopholes Doubles your Money

Alexhost
E 0

Eren

Transcendent
Member
Access
Joined
Jun 25, 2014
Messages
48
Reaction score
974
Points
83
grants
₲2,962
10 years of service
Many of us own a PayPal account for easy online transactions, but most of us don’t have balance in our PayPal Account. But what will happen if your money doubles, triple...or even more folds in just some couple of hours ?? Sounds cherishing!!

A loophole in the popular digital payment and money transfer service, PayPal allows its users to double the money in their account and that too endlessly. That means with only $50 in your PayPal account, you can make it to $100, then $100 to directly $200 and so on.
An eBay owned company, PayPal provides a faster and safer way to pay and get paid. The service gives people simpler ways to send money without sharing financial information, with over 148 million active accounts in 26 currencies and across 193 markets, thereby processing more than 9 million payments daily.

According to TinKode a.k.a Razvan Cernaianu, who claimed to have found this loophole in the PayPal service that actually resides in its Chargeback Process which could be exploited to do fraud with PayPal.

Tinkode is a convicted former Romanian ***ker, who was arrested in year 2012 for attacking NASA, Oracle, Pentagon, U.S. Army and many more high profile websites and that time he was ordered to pay damages totalling more than US$120,000.

“A Chargeback, also known as a reversal, occurs when a buyer asks a ****it card company to reverse a transaction that has already cleared” and this could be done when the buyer's ****it card number is stolen and used fraudulently or if seller tries to fraud.

He noticed the flaw while making a transaction using PayPal with a person back in 2010, who was trying to scam him with his money using the same chargeback process. To avoid paying charges, he transfer all his money from his temporary account to his another, real PayPal account. But, when he checked after a month, he noticed that his account balance was negative i.e. $50.

Exactly this trick he demonstrated to PayPal security team, which allows anyone to double their amount endlessly. In a proof of concept explanation he detailed that by making three separate PayPal account with one real and other two verified using Virtual ****it Card (VCC) and Virtual Bank Account (VBA).

“So for example, you have 500$ on your account. You transfer the money to the second account with the pretext of buying a phone. From the second account you again transfer the money to the third account as a gift. After 24 hours, use the charge-back function from the first account (the real one) to get the money back, with the excuse that the phone did not arrive on time. PayPal will initiate a process where both sides bring evidence for their defense. Obviously you will only send evidence from the first account showing that you were scammed. At the end of the trial the money will be restored to the primary account and the second account will have a negative balance of -500$. This way, you doubled the initial amount of money because you still have 500$ in the third account. As the second account is only a virtual one, it will not have real money from which PayPal can extract. Therefore you are left with 500$ restored by PayPal, and 500$ in your third account.”

TinKode already reported the flaw to PayPal Security team for bug bounty and they admitted it as a flaw in their Terms of Service (ToS), but not as a web application vulnerability. “While the abuse described here is possible in our system, repeated abusive behavior by the same and/or linked account(s) is addressed.” PayPal replied.

TinKode is not eligible for bug bounty, but we thank him for exposing this fraud technique that could be already in use by some criminals to generate money illegally. Anyone with little technical knowledge can reproduce this trick.
 
host 6.1K

host

/dev/null
Staff member
Chief Executive Officer
Joined
Jun 22, 2014
Messages
3,239
Solutions
1
Reaction score
60,554
Points
113
Website
katz.to
grants
₲100,347
10 years of service
naputol eren..edit mo nalang heheh
 
OP
E 0

Eren

Transcendent
Member
Access
Joined
Jun 25, 2014
Messages
48
Reaction score
974
Points
83
grants
₲2,962
10 years of service
heheh. . o nga sir e. . namali copy sa pad. .

thanks
 
jughead3716 50

jughead3716

Alpha and Omega
Contributor
Access
Joined
Jun 28, 2014
Messages
5,123
Reaction score
11,452
Points
113
grants
₲127,594
10 years of service
nabasa ko na ang tungkol dito... napatch na ata ng paypal itong bug.. sayang at hindi ko nalaman noon pa.. :D
 
jughead3716 50

jughead3716

Alpha and Omega
Contributor
Access
Joined
Jun 28, 2014
Messages
5,123
Reaction score
11,452
Points
113
grants
₲127,594
10 years of service
qwertyasd1 said:
di na po ba working to

hindi na ito working punkz... napatch na ni paypal itong bug... sayang nga at hindi tayo nakaabot.. hehe.. :D
 
G 0

Garrettrivendale41

Transcendent
Member
Access
Joined
Jan 17, 2024
Messages
41
Reaction score
1
Points
8
grants
₲92
1 months of service
Many of us own a PayPal account for easy online transactions, but most of us don’t have balance in our PayPal Account. But what will happen if your money doubles, triple...or even more folds in just some couple of hours ?? Sounds cherishing!!

A loophole in the popular digital payment and money transfer service, PayPal allows its users to double the money in their account and that too endlessly. That means with only $50 in your PayPal account, you can make it to $100, then $100 to directly $200 and so on.
An eBay owned company, PayPal provides a faster and safer way to pay and get paid. The service gives people simpler ways to send money without sharing financial information, with over 148 million active accounts in 26 currencies and across 193 markets, thereby processing more than 9 million payments daily.

According to TinKode a.k.a Razvan Cernaianu, who claimed to have found this loophole in the PayPal service that actually resides in its Chargeback Process which could be exploited to do fraud with PayPal.

Tinkode is a convicted former Romanian ***ker, who was arrested in year 2012 for attacking NASA, Oracle, Pentagon, U.S. Army and many more high profile websites and that time he was ordered to pay damages totalling more than US$120,000.

“A Chargeback, also known as a reversal, occurs when a buyer asks a ****it card company to reverse a transaction that has already cleared” and this could be done when the buyer's ****it card number is stolen and used fraudulently or if seller tries to fraud.

He noticed the flaw while making a transaction using PayPal with a person back in 2010, who was trying to scam him with his money using the same chargeback process. To avoid paying charges, he transfer all his money from his temporary account to his another, real PayPal account. But, when he checked after a month, he noticed that his account balance was negative i.e. $50.

Exactly this trick he demonstrated to PayPal security team, which allows anyone to double their amount endlessly. In a proof of concept explanation he detailed that by making three separate PayPal account with one real and other two verified using Virtual ****it Card (VCC) and Virtual Bank Account (VBA).

“So for example, you have 500$ on your account. You transfer the money to the second account with the pretext of buying a phone. From the second account you again transfer the money to the third account as a gift. After 24 hours, use the charge-back function from the first account (the real one) to get the money back, with the excuse that the phone did not arrive on time. PayPal will initiate a process where both sides bring evidence for their defense. Obviously you will only send evidence from the first account showing that you were scammed. At the end of the trial the money will be restored to the primary account and the second account will have a negative balance of -500$. This way, you doubled the initial amount of money because you still have 500$ in the third account. As the second account is only a virtual one, it will not have real money from which PayPal can extract. Therefore you are left with 500$ restored by PayPal, and 500$ in your third account.”

TinKode already reported the flaw to PayPal Security team for bug bounty and they admitted it as a flaw in their Terms of Service (ToS), but not as a web application vulnerability. “While the abuse described here is possible in our system, repeated abusive behavior by the same and/or linked account(s) is addressed.” PayPal replied.

TinKode is not eligible for bug bounty, but we thank him for exposing this fraud technique that could be already in use by some criminals to generate money illegally. Anyone with little technical knowledge can reproduce this trick.
Whoa that is amazing!
 
P 0

ppsy

Transcendent
BANNED
Member
Access
Joined
Feb 9, 2024
Messages
49
Reaction score
0
Points
6
grants
₲25
1 months of service
Di na ata working
 
Top Bottom