On Sunday, the video game world was rocked by a hacking and cheating scandal.
During a competitive esports tournament for Apex Legends, a free shooting video game played by hundreds of thousands of players every day, hackers inserted cheats into the games of two well-known streamers and revealed facts during the game. It looks like the top player was hacked.
“Wait, what the hell? I'm hacked, I'm hacked, bro, I'm hacked,” one of the players allegedly said during a live stream of the compromised gameplay.
The incident forced organizers of the $5 million Apex Legends Global Series tournament to postpone the event indefinitely “because it compromised the competitive integrity of the series.”
During the mid-game hack, the game's chatbot displayed a message on the screen that appeared to be from the hacker. The message said, “Apex Hacking Global Series by Destroyer2009 &R4andom.”
In an interview with TechCrunch, hacker Destroyer2009 took credit for the hack, saying he did it “just for fun” and to force Apex Legends developers to fix the vulnerability he exploited. .
This hack sent the Apex Legends community into a frenzy, with countless streamers reacting to the incident and some players suggesting that Apex Legends is not safe to play. Because not only are all players at risk of being hacked in-game, but they can potentially be hacked as well. Their computers were also hacked.
Destroyer2009 declined to provide details about how it allegedly succeeded in hacking two players during the game or what specific vulnerabilities it exploited.
“I don't want to go into details until everything is fully patched and everything is back to normal,” the hacker said. The only thing Destroyer2009 said about the technique used was that the vulnerability had “nothing to do with the server, I've never touched anything other than his Apex process” and that the two players only that it did not directly hack the computer.
Hacking “was never out of the game,” he says.
Destroyer2009 said he did not report the vulnerability to Respawn, the video game developer behind Apex Legends, and that neither it nor the game's publisher, Electronic Arts, had privately reported the security flaw. He said this is because it does not offer a bug bounty program that financially rewards hackers and researchers.
“They know how to patch things without anyone reporting them,” he said.
Destroyer2009 said of the hack he made during the tournament, “It got spread, but not many people used such exploits in a way that was completely harmless to players.” Ta.
“Imagine, if it wasn't a joke and the cheat didn't include a meme, if a cheat showed up in a tournament, I'm sure it could ruin a person's career.” Destroyer2009 defended his actions. He tried to show that he had no malicious intent.
Apex Legends competitive game screenshot. It looks like the player was hacked and suddenly got cheats.
When Destroyer2009 allegedly hacked one of the players and inserted cheats into the game, a window appeared on the player's screen displaying a menu of tools that could be used to enable various cheats in the game. I did. One of his options in the cheat window was “VOTE PUTIN”.
Destroyer2009 said the window is part of a genuine cheat software, but it is not publicly available, and its menu has been slightly modified due to Sunday's hack. The hacker also said he targeted a specific player called Geburten. imperial hullBecause “they're just good people.”
“You are free to give them attention and input,” he added. (Both players did not respond to multiple requests for comment.)
On Tuesday, Respawn, the studio behind Apex Legends, Posted a statement on X (formerly Twitter)deal with the incident.
“Our team has rolled out the first in a series of layered updates to protect the Apex Legends player community and provide a safe experience for everyone,” the statement said. That being said, there are more details about what this first update is and what happened on Sunday.
Connor Ford, who works on Apex Legends' security team, wrote to X that he and his colleagues are working to resolve the issue. “The team on this team is some of the most talented I have ever had the pleasure of working with. All I can say is that the care and love shown by everyone involved has made this game a success.” I just want to say thank you to my colleagues and developers.” ford wrote.
Contact Us Do you know more about this hack? Or is this another video game hack? You can contact Lorenzo Franceschi-Bicchierai securely from any non-work device on Signal (+1 917 257 1382) or on Telegram, Keybase and Wire @lorenzofb, or email. You can also contact TechCrunch via SecureDrop.
Neither Respawn nor Electronic Arts responded to TechCrunch's requests for comment on the hackers' claims or disputed them.
Easy Anti-Cheat is the developer of the anti-cheat engine used in Apex Legends (and several other games). said in a statement on Monday. “We are confident that there are no exploitable RCE vulnerabilities within the EAC.” RCE (Remote Code Execution) is a security flaw that allows hackers to remotely execute malicious code on a target device, such as over the Internet. This is one of the worst types of vulnerabilities because it can give hackers direct access to the target computer.
There is currently no public evidence pointing in that direction.
Despite the attention his hack has generated, Destroyer2009 suspects that others will find out about the vulnerability he used and how to exploit it before it is patched. , said, “Players have nothing to worry about.”