Disaster Massive ‘Apex Legends’ Hack Disrupts NA Finals, Raises Serious Security Concerns - This involved a wild situation where someone was giving the pros hacks like aimbots and wallhacks as they were playing in the Finals event, effectively ruining the entire event without anyone actually attempting to cheat.

Article / Archive [EDITOR'S NOTE: Tweet embeds do not work. I manually put in the tweets.]

Something rather terrifying has disrupted the North American Finals of Apex Legends, and players are now starting to potentially worry about their own accounts and the overall safety of the game.

(tweet)
Respawn and EA have postponed the North American Finals in the wake of the “competitive integrity” of the game being compromised. This involved a wild situation where someone was giving the pros hacks like aimbots and wallhacks as they were playing in the Finals event, effectively ruining the entire thing without anyone actually attempting to cheat. Here’s what that looked like (warning: language):

(tweet)

This shocked players and one even got banned from the game for using an aimbot cheat before Respawn shut the entire thing down.

What’s unclear is the extent of the breach. There is some concern that it might not just be for messing with the pros at the finals, but a larger security issue with the entire game that could affect the wider playerbase. Some creators are claiming on social media that they’ve scanned their PCs and are finding viruses, though there’s so much panic going around there’s no evidence that has to do with this hack. But if the hack could breach a pro match, it would seem to be something that could breach normal players, even if it’s not actually doing so right now. Many believe this is the work of one hacker, Destroyer2009, who has previously been hacking pros, and this was an RCE remote exploit using their PCs, but none of that has been confirmed.

(tweet)
It’s hard to understate just how unprecedented something like this is in a major esports event. A finals event getting put on ice because someone breached the game to give players hacks is simply something that does not happen.

This has led to a mass of complaints about Apex’s anti-cheat systems, which clearly failed in a massive way for this situation. But it also speaks to just how advanced cheats have become as this is a private lobby for pros playing in an esports final.

Not that this is necessarily related, but Respawn was just hit days ago with 23 layoffs including Apex Legends developers, some of whom were longtime veterans. Though if anything, this shows that EA needs to beef up Apex’s security team to some extent as something like this requires all hands, or more hands, on deck than they currently have now, it seems.

Again, there is so much panic going around it’s hard to give actual advice. At baseline, it may be wise to avoid logging into Apex for the time being until EA and Respawn have something declarative to say, as all they’ve done right now is postpone the finals. I would not imagine you have to go to the extreme extent to actively uninstall the game from your PC, but just hold tight for a bit until the dust settles. Hopefully not radioactive, poisonous dust.

Even if this ends here, injecting cheats into pro players accounts to disrupt an event and even get one insta-banned is out of this world. This will need serious exploration and statements from Respawn as soon as possible to get a more clear picture of what happened and how things will be fixed from here.
---
PAST EDITOR'S NOTE (aka me KFer): There is a twitter thread which exposes this:

And this RCE which is shown here (notice the date is 2021):

 

[Hiphopopotamus]

Can't imagine being FROMSOFT, turning off the Dark Souls server to address people being able to RCE through it, only to put a shitty chink anticheat in Elden Ring and AC6 that allows the exact same thing.

 

[LMlurker]

Watching grown men shouting and panicking about their videogame getting hacked is a flavor of cringe I haven't seen in awhile. What's the prize for this thing?

 

[Rei is Shit.]

Some creators are claiming on social media that they’ve scanned their PCs and are finding viruses

>streaming a game makes you a creator

Dr. Fauci, I beg of you, please activate the 5G towers so the vaxx nanomachines can cull the herd

 

[notorietus]

What's the prize for this thing?

"ALGS Split 1 Playoffs set in LA's Galen Center, taking place May 2-5, 2024. 40 elite Apex Legends teams across six regions to compete for $1m prize pool." 1 million smackaroos.

 

[X Prime]

Can't imagine being FROMSOFT, turning off the Dark Souls server to address people being able to RCE through it, only to put a shitty chink anticheat in Elden Ring and AC6 that allows the exact same thing.

Oh, that was better than what was said.

Fromsoft had that reported to them by the person who found it months in advance. They did nothing until the person did a non-malicious live demonstration to force their hand.

Companies do not care about exploits until they get bad press from it.

 

[skunt]

rest in piss apex legends lol. there's no coming back from this

 

[Jones McCann]

I saw this live, it was surreal. They kept the games going after the first hack, the next game ImperialHal was given an aimbot in front of 40k live viewers. Apex Legends runs on a modified source engine, so if Valve has officially patched their games it seems that Respawn has not. Expect it to hit Titanfall as well if so.

 

[Troonos]

Based. "Professional" gaming is gay and cringe, and I endorse fucking with it as much as possible.

 

[Morethanabitfoolish]

Watching grown men shouting and panicking about their videogame getting hacked is a flavor of cringe I haven't seen in awhile. What's the prize for this thing?

Agreed. I have a measure of sympathy though since you know the company's response, without overwhelming evidence that this was done to them rather than by them, will be "you cheated, banned."

Which given it's the company's job to ensure the game's secure is a bit unreasonable.

 

[Mike Matei's Penis]

You run the game on Source, you get what you fucking deserve

 

[Big Fat Frog]

Would this be a problem on other Source games or just ones modified by Respawn?

 

[9gfuwegw9j9]

Would this be a problem on other Source games or just ones modified by Respawn?

Apex Legends runs on a very outdated version of Source Engine that has been modified by Respawn heavily. Most likely just an issue here.

 

[306h4Ge5eJUJ]

You see, in video games, security exploits aren't really a concern, it only has to run fas-

 

[OtherLastTrainHome]

this is honestly one of the most based fucking things to ever happen. giving people cheats and causing them to be autobanned and to have spergtastic meltdowns has never happened before, too - and during a tournament? whoever did this deserves a medal. the only way this could be even better is if the RCE had actually revealed cheating among pro players, because there are many paid-for cheat suites out there which are hidden from stream overlays so you can pretend to be a pro on twitch.

Not that this is necessarily related, but Respawn was just hit days ago with 23 layoffs including Apex Legends developers, some of whom were longtime veterans. Though if anything, this shows that EA needs to beef up Apex’s security team to some extent as something like this requires all hands, or more hands, on deck than they currently have now, it seems.

anticheats long ago crossed over into malware territory and i've been saying forever that they're fucking useless and don't justify how invasive they've become. Apex Legends has one of the most intrusive and frankly illegal fucking anticheats i've ever heard of (or maybe it was Valorant? they're both really bad). regardless, and despite that, they still fail. not to mention cheat software has gotten unbelievably advanced over the last few years. there are many instances of SSDs containing cheat software being soldered into keyboards or even gaming mice that have suitable memory capacity being used on-site at tournaments, too.

and you gotta love how critical problems are reported, demonstrated, and no one ever fixes them. they deserved this.

 

[lost_n'_confused]

Would this be a problem on other Source games or just ones modified by Respawn?

https://nvd.nist.gov/vuln/detail/CVE-2021-30481

Got patched in 2021. Steam is no longer affected by the RCE. However individual games running older versions of source, which have multiplayer, may be affected.

 

[libRT]

Based. "Professional" gaming is gay and cringe, and I endorse fucking with it as much as possible.

Basically came here to say this, Cheating in online gaming is basically an epidemic now and threatens to kill it entirely, honestly wasn't as bad when it used to be blatant but most cheats now try to emulate normal high level play and are difficult to detect. Anti cheats aren't worth shit anymore most popular games have hacks that have been undetected for over a year now. I wouldn't trust any streamer at this point either, especially the popular ones as they can afford DMA and other hardware hacks (99.9999% undetectable, not going to say 100% because in theory it may be possible to detect them even if they spoof the hardware IDs, though out of the purview of people on the anti-cheat teams, they're retarded and stick to old methods of detection)

anticheats long ago crossed over into malware territory and i've been saying forever that they're fucking useless and don't justify how invasive they've become. Apex Legends has one of the most intrusive and frankly illegal fucking anticheats i've ever heard of (or maybe it was Valorant?

Valorant has the kernel level anticheat, ESEA anti-cheat added bitcoin mining to the software.


Personally I was hoping someone made hacks then sold them to pros and then basically exit scammed. I think it would be a great strat to offer cheat devs a couple of million to fuck over cheaters

 

[SleepingBull]

But it also speaks to just how advanced cheats have become as this is a private lobby for pros playing in an esports final.

A private lobby... on the normal internet-accessible servers. Since before the day Starcraft 2 launched, I've heard calls for tournament server boxes, for 'major' tournaments at least. These sorts of events should not be connected to the internet or problems are going to be inevitable. Sure, its a bit of overhead to add something to point the clients to a box on a private network instead of the usual host, and that work would align with what pirates would want done, but it is within reason for games that want to be major esports. IIRC, counterstrike had tournament delays once due to an exploit allowing people to join private lobbies (Something to do with them being sequential, so it was trivial to nudge a private lobby invite to join the next one that was made). DDOS attacks on the hosting server have been a thing a few times in some games as well.

this is honestly one of the most based fucking things to ever happen. giving people cheats and causing them to be autobanned and to have spergtastic meltdowns has never happened before

Supposedly there was some stuff you could do with the source engine "message of the day" html page back in the day to get anyone who visited your tf2 server vac banned. At least before they patched some stuff due to too many crypto-miners using the same basic idea.

 

[Imagine Reading This LOL]

I doubt this is the same RCE that secret club is talking about. Apex uses source but it is completely stripped of any of Steam's API stuff. The exploit they are showcasing relies on steam invites. This is something new.

Edit: I did a quick search of NVD for any exploits that could be it. There was a vulnerability published in June 2023 that allowed for RCEs if a CSGO client connected to a community server and downloaded a specifically crafted config file. Anything else is from circa 2021 and earlier. So I doubt its anything we already know about. Its CVE-2023-35855 if anyone is interested. Possibly a zero day?

 

[Site of Origin]

Basically came here to say this, Cheating in online gaming is basically an epidemic now and threatens to kill it entirely, honestly wasn't as bad when it used to be blatant but most cheats now try to emulate normal high level play and are difficult to detect. Anti cheats aren't worth shit anymore most popular games have hacks that have been undetected for over a year now. I wouldn't trust any streamer at this point either, especially the popular ones as they can afford DMA and other hardware hacks (99.9999% undetectable, not going to say 100% because in theory it may be possible to detect them even if they spoof the hardware IDs, though out of the purview of people on the anti-cheat teams, they're retarded and stick to old methods of detection)



Valorant has the kernel level anticheat, ESEA anti-cheat added bitcoin mining to the software.


Personally I was hoping someone made hacks then sold them to pros and then basically exit scammed.

Its become so bad because there is money on the line on both sides of the equation. Become a fake pro on twitch and rake in cash, or become a cheat developer and rake in cash. The rise of eSports and streaming has certainly contributed to this problem.

At the risk of sounding like an old man yelling at the clouds, this was mostly solved back in the day with community run independent servers. If someone is acting strangely, a quick lobby call to spectate and everyone could weigh in. No modern company has the staff or would want to pay staff to inspect random matches these days.