On Sunday, the world of video games was rocked by a hacking and cheating scandal.
During a competitive Apex Legends esports tournament, a free-to-play shooter video game by hundreds of thousands of Players daily, hackers appeared to insert cheats into the games of two well-known streamers – essentially hacking players midgame.
“Wait, what the hell? I’m being hacked, I’m being hacked bro, I’m being hacked,” said one of the players who was allegedly hacked during a live stream of the game.
The episodes forced its organizers Apex Legends World Series The tournament, which has a total prize pool of $5 million, to postpone the event indefinitely “due to the competitive integrity of this series being at stake.”
As the midgame hacks were in progress, the game’s chatbot displayed messages on the screen that appeared to come from the hackers: “World series hacking Apex, by Destroyer2009 &R4andom,” the messages read.
In an interview with TechCrunch, hacker Destroyer2009 took credit for the hacks, saying he did it “for fun” and aimed to force the Apex Legends developers to fix the vulnerability he was exploiting.
The hacks sent the Apex Legends community into a frenzy, with countless streamers reacting to the incidents. Some Players suggested that Apex Legends is not safe to play and that any player could potentially be at risk. This could apply not only to the game, but also to hacking their computers.
Destroyer2009 declined to provide details on how he allegedly managed to hack the two players mid-game or what specific vulnerabilities he exploited.
“I really don’t want to go into details until everything is fully fixed and everything is back to normal,” the hacker said. The only thing Destroyer2009 said about the technique he used was that the vulnerability “has nothing to do with the server and I’ve never touched anything outside of the Apex process” and that it didn’t hack the two players’ computers directly.
The hacks “never went outside the game,” he said.
Destroyer2009 said he did not report the vulnerability to Respawn, the video game developer that makes Apex Legends, because neither the company nor the game’s publisher, Electronic Arts, offers a bug bounty program that rewards hackers and researchers for privately reporting bugs security.
“They know how to fix it without anyone telling them,” he said.
Speaking about the hacks he did during the tournament, Destroyer2009 said that “it went viral, but not many people would have used an exploit like that in a completely innocent way for players.”
“Imagine if it wasn’t a joke and we didn’t put memes in the cheat, I’m sure you can ruin someone’s career if a cheat shows up in a tournament,” said Destroyer2009, defending his actions. in an attempt to show that he never had malicious intentions.
A screenshot of a competitive game of Apex Legends where a player appears to be getting hacked and suddenly receives a cheat. Image Credits: Apex Legends/Respawn/Electronic Arts
When Destroyer2009 allegedly hacked one of the players and put a cheat in their game, a window appeared on the player screen shows a menu for a tool that can be used to activate different cheats in the game. One of the options in the cheat window was “VOTE PUTIN”.
Destroyer2009 said the window is part of a real cheat software, but not one that is public and whose menu was slightly modified for the hacks on Sunday. The hacker also said that he targeted those specific players who are passing by Born and ImperialHalbecause “they’re just good guys.”
“Free attention and opinions for them,” he added. (The two players did not respond to multiple requests for comment.)
On Tuesday, Respawn, the studio that develops Apex Legends, posted a statement on X (formerly Twitter)dealing with incidents.
“Our teams have rolled out the first in a series of multi-layered updates to protect the Apex Legends player community and create a safe experience for everyone,” said the statement, which did not provide details on what that first update was. nor details about what happened on Sunday.
Conor Ford, who works on the Apex Legends security team, wrote to X that he and his colleagues are working to address the issues. “The team on this are some of the most talented I’ve ever had the pleasure of working with. All I can say is that the care and love shown by the parties involved makes me grateful for the colleagues and developers in this game.” Ford wrote.
Contact us
Do you know more about this hack? Or other video game hacking incidents? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or via email. You can also contact TechCrunch via SecureDrop.
Neither Respawn nor Electronic Arts responded to TechCrunch’s requests for comment on the hacker’s claims or disputed them.
Easy Anti-Cheat, the developers of the anti-cheat engine used in Apex Legends (and many other games), it said in a statement on Monday that it was “certain that there is no RCE vulnerability within the EAC that is being exploited.” An RCE, or remote code execution, is a security flaw that allows a hacker to execute malicious code on a target’s device remotely, such as over the Internet. It is one of the worst types of vulnerabilities as it can give the hacker direct access to the target’s computer.
At this point, there is no public evidence to point in that direction.
Despite the attention his hacks have generated, Destroyer2009 said that “players shouldn’t worry about it” because he doubts others will figure out what vulnerability he used and how to exploit it, before it’s patched.
