diff --git a/src/Trading.cpp b/src/Trading.cpp
index ab8ce7bb..b6116fa3 100644
--- a/src/Trading.cpp
+++ b/src/Trading.cpp
@@ -5,6 +5,8 @@
 #include "PlayerManager.hpp"
 #include "db/Database.hpp"
+#include
+
 using namespace Trading;
 static bool doTrade(Player* plr, Player* plr2) {
@@ -268,19 +270,39 @@ static void tradeConfirm(CNSocket* sock, CNPacketData* data) {
 plr->isTradeConfirm = false;
 plr2->isTradeConfirm = false;
+ int64_t newMoney1 = (int64_t)plr->money + plr2->moneyInTrade - plr->moneyInTrade;
+ int64_t newMoney2 = (int64_t)plr2->money + plr->moneyInTrade - plr2->moneyInTrade;
+ if (plr->moneyInTrade > plr->money || plr2->moneyInTrade > plr2->money
+ || newMoney1 > INT32_MAX || newMoney1 < 0
+ || newMoney2 > INT32_MAX || newMoney2 < 0) {
+ INITSTRUCT(sP_FE2CL_REP_PC_TRADE_CONFIRM_ABORT, fail);
+ fail.iID_Request = plr->iID;
+ fail.iID_From = pacdat->iID_From;
+ fail.iID_To = pacdat->iID_To;
+ sock->sendPacket((void*)&fail, P_FE2CL_REP_PC_TRADE_CONFIRM_ABORT, sizeof(sP_FE2CL_REP_PC_TRADE_CONFIRM_ABORT));
+ fail.iID_Request = plr2->iID;
+ otherSock->sendPacket((void*)&fail, P_FE2CL_REP_PC_TRADE_CONFIRM_ABORT, sizeof(sP_FE2CL_REP_PC_TRADE_CONFIRM_ABORT));
+
+ memset(&plr->Trade, 0, sizeof(plr->Trade));
+ memset(&plr2->Trade, 0, sizeof(plr2->Trade));
+ plr->moneyInTrade = 0;
+ plr2->moneyInTrade = 0;
+ return;
+ }
+
 if (doTrade(plr, plr2)) { // returns false if not enough slots
 INITSTRUCT(sP_FE2CL_REP_PC_TRADE_CONFIRM_SUCC, resp2);
 resp2.iID_Request = pacdat->iID_Request;
 resp2.iID_From = pacdat->iID_From;
 resp2.iID_To = pacdat->iID_To;
- plr->money = plr->money + plr2->moneyInTrade - plr->moneyInTrade;
+ plr->money = (int32_t)newMoney1;
 resp2.iCandy = plr->money;
 memcpy(resp2.Item, plr2->Trade, sizeof(plr2->Trade));
 memcpy(resp2.ItemStay, plr->Trade, sizeof(plr->Trade));
 sock->sendPacket((void*)&resp2, P_FE2CL_REP_PC_TRADE_CONFIRM_SUCC, sizeof(sP_FE2CL_REP_PC_TRADE_CONFIRM_SUCC));
- plr2->money = plr2->money + plr->moneyInTrade - plr2->moneyInTrade;
+ plr2->money = (int32_t)newMoney2;
 resp2.iCandy = plr2->money;
 memcpy(resp2.Item, plr->Trade, sizeof(plr->Trade));
 memcpy(resp2.ItemStay, plr2->Trade, sizeof(plr2->Trade));