First off, congratulations. You found me, hidden away in the shadows of a music website. You’re not the first. Many have come before you, but they all met the same fate. They failed. Hopefully, you’ll be different. You found me the fastest after all, just in time for the greatest digital heist of the century.

A new online only bank suddenly appeared on the internet: serpentbanking.co. Fresh out of Silicon Valley, funded by ignorant billionaires, Serpent Banking is the perfect target to steal millions. Even better, they are currently running a promotion for their Personal users until the end of the year. This promotion, they call it the Year of the Gnome (YotG), introduced a few bugs in their website. These bugs can be exploited to access the login information of all of their users.

Serpent Banking divides its users into two categories: Personal and Business. A quick look at the source code reveals that the Personal portion of their website is separate from the other one. Luckily, some of the buggy code from the promotion leaked into the other section. On the Personal site, the bugs are very apparent, but on the Business site, they are more concealed.

All of these bugs have left Error Codes scattered throughout their website. Since they can serve as a useful landmark for me to track your progress, I will setup a directory of all of the Error Codes. I will also try to discover what is causing the Error Codes, but, because there are so many, it will take some time to decipher them all. Check in with this website regularly to see if I updated the Error Code Directory. If you ever need any more assistance, please email lowbrass.hints@gmail.com.

Now for your assignment. Obtain the login details of every user and submit them to this website. My guess is the information would all be in the same place according to their category. That’s for you to find out. Try poking around the website. Open pages, open menus, or click buttons. Even though the founders of Serpent Banking are not the brightest, even they aren’t stupid enough to leave the login information in plain text. It will be encrypted in some way.

Using a desktop or laptop is recommended. While both the mobile and the desktop version are corrupted, the desktop version is easier to navigate and it exposes the most severe glitches.

Now, why should you help a hacker like myself? For money, obviously. You will receive 35% of the money stolen from Personal and Business users. Don’t think you can just walk away with the login information. Even if you decrypt it, there are other security measures in place that were not affected by the YotG promotion and I doubt you can handle it. You don’t want to be caught by the FBI with stolen information.