Alternative Finances

Convicted Hacker Finds PayPal Bug?

A PayPal policy loophole, which can be exploited to fraudulently double money, became common knowledge when a convicted former NASA hacker reported it to the bug bounty team at PayPal.

Former Hacker Razvan Cernaianu said fraudsters can double their money by funneling cash into a mule account before filing for a transaction refund, according to the Register.

The recipe to double money at PayPal’s expense requires three PayPal accounts: one of a legitimate buyer, one of a disposable seller, and one of a mule user with virtual credit cards linked to it.

“You transfer the money to the second account with the pretext of buying a phone. From the second account you again transfer the money to the third account as a gift,” Cernaianu explained. “After 24 hours, you use the chargeback function from the first account to get the money back with the excuse that the phone did not arrive on time.”

“As the second account is only a virtual one, it will not have real money from which Paypal can extract,” he said. “Therefore, you are left with $500 restored by PayPal, and $500 in your third account.”

In response to Cernaianu’s report, PayPal reportedly said, “While the abuse described here is possible in our system, repeated abusive behavior by the same and/or linked account(s) is addressed.”

“What’s Hot” is aggregated content. claims no responsibility for the accuracy of the content published by the original source.


New PYMNTS Report: Preventing Financial Crimes Playbook – July 2020 

Call it the great tug-of-war. Fraudsters are teaming up to form elaborate rings that work in sync to launch account takeovers. Chris Tremont, EVP at Radius Bank, tells PYMNTS that financial institutions (FIs) can beat such highly organized fraudsters at their own game. In the July 2020 Preventing Financial Crimes Playbook, Tremont lays out how.

Click to comment