# Apex Legends 2024 Hacking Incident

## Process

A window suddenly popped up in Genburten's game, and at the same time someone posted "Apex hacking global series by Destroyer2009 & R4ndom" in the in-game chat as him; subsequently he could see every player.[^genburten-hacked-clip] The in-game chat message is evidence that this was not Genburten accidentally cheating, because a cheat engine normally doesn't do this.

ImperialHal's case was similar: he got an aimbot while shooting, but there was no in-game chat message like the one Genburten encountered.[^imperialhal-hacked-clip] However, it's hard to believe he was cheating, because ImperialHal has been a top player since an early period[^imperialhal-period] and his aiming is obviously different from an aimbot's.

[^imperialhal-period]: ImperialHal has been a professional player since 2019. https://liquipedia.net/apexlegends/ImperialHal

Afterwards, the accounts of ImperialHal and his teammate Verhulst were banned. Currently, it is uncertain whether the bans were caused by the anti-cheat detecting the injected cheat engine or by management permissions obtained by Destroyer2009.

An account named `real_destroyer2009` sent

> New Content coming in 1 hour \*this is automated message by R4ndom & Destroyer2009\*

in Naughty's Twitch channel, and the server went down 1 hour after the message.[^naughty-tweet]

## Clarification

[A tweet](https://twitter.com/babyducksss/status/1769541847829913925) clipping ImperialHal downloading something free is out of context; ImperialHal was actually downloading antivirus software after the incident.

## RCE Possibilities

Although two players were hacked, that doesn't mean the Apex Legends client or Easy Anti-Cheat has an RCE vulnerability; it could also be that two individual computers were compromised. There's no evidence that the incident is related to RCE, so jumping to that conclusion makes no sense. Furthermore, if EAC had such a dangerous vulnerability, the affected games would likely include more than Apex Legends.
## Community Reactions

The community panicked and thought an RCE vulnerability was being exploited, even though no one could prove it. People spread the misinformation and made the panic worse. Some people pointed the finger at Electronic Arts and Easy Anti-Cheat, and declared they would not play any game published by EA or using EAC.[^community-reaction-1]

Meanwhile, some people started agreeing with Destroyer2009 and what they had done, seeing them as a modern Robin Hood. This might be because of long-term disappointment with EA, especially in Asia, which suffers the most from cheats.

[^community-reaction-1]:
    > Currently there's a potential remote code execution (RCE) vulnerability in Apex, and whether the vulnerability comes from the game itself or from the game's anti-cheat (EAC) is uncertain. It is recommended not to play any EA or EAC-protected game before they fix it or issue an announcement.

    https://www.facebook.com/groups/ApexLegendsTW/posts/1662684457803669/

## Official Responses

On 03-18, Easy Anti-Cheat tweeted that they're confident no RCE is being exploited in EAC.[^eac-tweet] Some replies to the tweet thought it was not a guarantee.

Apex Legends tweeted after about 50 hours, saying that the first of a layered series of updates had been deployed to improve security.[^apex-tweet] This was the first time Respawn Entertainment officially responded to the incident, but the effectiveness is still unknown.

Apparently the C-level of Electronic Arts has begun taking action against rampant cheating after the incident, because they were slapped in the face by Destroyer2009 at ALGS.[^wuwei-video]

[^wuwei-video]: https://www.youtube.com/watch?v=czjgDjoPVqs

## Related Incidents

Destroyer2009 gifted thousands of packs to some streamers without paying money, and spawned many bots in games[^destroyer2009-bot-video]. They seem to have some kind of control over the server to achieve this.
Nevertheless, there are many possibilities:

- They can directly access the server.
- The server doesn't check malformed packets sent by clients, so a modified client can easily do something "impossible".
- Also, some people think the bots are spawned by using legacy functions in the game, because there was a Halloween mode that spawned NPCs; abusing legacy functions to cheat has existed for a while, such as the dual-gun cheat.

[^destroyer2009-bot-video]: https://www.youtube.com/watch?v=99c90qO3Nok

## External Links

- [Competitive Apex Hacking Incident Megathread](https://www.reddit.com/r/CompetitiveApex/comments/1bhf6pt/competitive_apex_hacking_incident_megathread/) on r/CompetitiveApex
- [Apex Legends Vulnerabilities - Breakdown and Interview](https://www.youtube.com/watch?v=-1zxjGxpnqA) on YouTube
- [Apex Legends Vulnerabilities - Investigation and Wrap Up](https://www.youtube.com/watch?v=jHf6dkgXfVg) on YouTube

[^genburten-hacked-clip]: https://www.twitch.tv/genburten/clip/SparklingDarlingApeKlappa-iYd-e5Nns_gMcGuv
[^imperialhal-hacked-clip]: https://www.twitch.tv/tsm_imperialhal/clip/VivaciousBlightedShrewPeanutButterJellyTime-7ImgntRgQpMUob8g
[^eac-tweet]: https://twitter.com/TeddyEAC/status/1769725032047972566
[^apex-tweet]: https://twitter.com/Respawn/status/1770285073688137762
[^naughty-tweet]: https://twitter.com/StayNaughtyy/status/1770234530357494022
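
For the second and third possibilities listed under Related Incidents (unchecked client packets and reachable legacy functions), this added example sketches what server-side validation of client requests looks like. It is not code from the game or from the original page; the message names, fields, price and mode names are all hypothetical.

```python
from dataclasses import dataclass

# Hypothetical message schema: field name -> required type.
SCHEMA = {
    "gift_pack": {"recipient": str, "count": int},
    "spawn_npc": {"npc_type": str},   # legacy handler kept for an event mode
}
PACK_PRICE = 100                      # server-side price (assumed value)
NPC_MODES = {"halloween_event"}       # only modes that legitimately spawn NPCs


@dataclass
class Session:
    account_id: str
    coins: int   # balance stored by the server, never taken from the client
    mode: str    # playlist the server assigned to this match


def handle(session, msg):
    """Return (accepted, reason); the client states intent, the server decides."""
    if not isinstance(msg, dict):
        return False, "malformed message"
    kind = msg.get("type")
    schema = SCHEMA.get(kind) if isinstance(kind, str) else None
    if schema is None:
        return False, "unknown message type"
    body = {k: v for k, v in msg.items() if k != "type"}
    # Exact field set and exact types: extras such as a client "price" are refused.
    if set(body) != set(schema) or any(type(body[k]) is not t for k, t in schema.items()):
        return False, "malformed fields"
    if kind == "gift_pack":
        if not 1 <= body["count"] <= 10:
            return False, "count out of range"
        cost = body["count"] * PACK_PRICE
        if session.coins < cost:
            return False, "insufficient balance"
        session.coins -= cost
        return True, "gifted"
    # spawn_npc: the legacy handler is reachable only in modes that use it.
    if session.mode not in NPC_MODES:
        return False, "not allowed in this mode"
    return True, "spawned"
```

Every decision uses state the server holds (balance, assigned mode), so a modified client can change what it asks for but not what is granted.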