Money only has meaning as a flow. Value moves from A to B. Forensic analysis can follow this chain quite a long way, which is a problem for people trying to hide illegal activity. They're always looking for ways to break that chain. If OP is correct and this attack allows you to covertly shift money around, that can break the chain and let the bad guys use the illegally obtained funds with legitimate services.
It might look something like:
1) get funds via illegal activity (dirty funds)
2) spend funds at an ecommerce site (dirty funds)
3) secure a PayPal refund WHICH GOES TO ANOTHER ACCOUNT (clean funds)
The PayPal vulnerability allows the money to move from a dirty chain to a clean one.
> 2) spend funds at an ecommerce site (dirty funds)
> 3) secure a PayPal refund WHICH GOES TO ANOTHER ACCOUNT (clean funds)
How does it break the chain?
Account1 buys for 10k USD, requests refund, receives it?
Even if it went for some reason to account2, then there is still the chain, but why would it go to another?
It wouldn't go to another account if you do a dispute, what are you talking about?