# Apex Legends 2024 Hacking Incident
## Process
There was a window suddenly popping up in Genburten's game, and someone said "Apex hacking global series by Destroyer2009 & R4ndom" as him with the in-game chat at a same time, he could see every player subsequently.[^genburten-hacked-clip] The in-game chat is a evidence that Genburten didn't cheat accidentally because normally a cheat engine won't do this.
In ImperialHal's case, similarly, he got aimbot during shooting, but there wasn't in-game chat like Genburten encountered.[^imperialhal-hacked-clip] However, it's hard to be he was cheating because ImperialHal has been a top player since a early period[^imperialhal-period] and his aiming is obviously different from aimbot.
[^imperialhal-period]: ImperialHal has been a professional player since 2019.
https://liquipedia.net/apexlegends/ImperialHal
Afterwards, ImperialHal and his teammate, Verhulst's accounts were banned. Currently, whether the bans are because of the injected cheat engine detected by anti-cheat or management permission obtained Destroyer2009 is uncertain.
An account named `real_destroyer2009` sent
> New Content coming in 1 hour \*this is automated message by R4ndom & Destroyer2009\*
in Naughty's Twitch channel, and the server was down in 1 hour after the message.[^naughty-tweet]
## Clarification
[A tweet](https://twitter.com/babyducksss/status/1769541847829913925) clipping that ImperialHal downloaded something free is out of context; ImperialHal was actually downloading an antivirus software after the incident.
## RCE Possibilities
Although two players were hacked, it doesn't mean Apex Legends client has RCE or Easy Anti-Cheat has RCE; it also could be two individual computers gotten compromised. There's no evidence that shows the incident is related to RCE, jumping to the conclusion makes no sense. Further, if EAC has a such dangerous vulnerability, victimized games would likely be more than Apex Legends.
## Community Reactions
The community panicked and thought it was a RCE vulnerability being exploited, even though no one could prove. People spread the misinformation and made the panic more.
Some people pointed the finger Electronic Arts and Easy Anti-Cheat, and claimed not to play any game published by EA or using EAC.[^community-reaction-1]
Meanwhile, some people started agreeing Destroyer2009 and what they done, and thinking they as a modern Robin Hood. This might be because of the long-term disappointment to EA, especially in most cheat-suffered Asia.
[^community-reaction-1]:
> 目前APEX上存在潛在的遠端程式碼執行漏洞(RCE),該漏洞還不確定是來自於遊戲本身抑或是遊戲的反作弊系統(EAC),建議在他們修復這個漏洞或是發表任何聲明之前都不要遊玩任何EA或是受EAC保護的遊戲。
> Currently there's a potential remote code execution (RCE) vulrenability in Apex, and if the vulrenability is from the game itself or the game's anti-cheat (EAC) is uncertain. Recommends not to play any EA or EAC-used game before they fix it or issue an announcement.
https://www.facebook.com/groups/ApexLegendsTW/posts/1662684457803669/
## Official Responses
Easy Anti-Cheat tweeted that they're confident there's no RCE being exploited in EAC on 03-18.[^eac-tweet] Some replies to the tweet thought it was not a guarantee.
Apex Legends tweeted after about 50 hours, said the first of a layered series of updates has been deployed to improve the security.[^apex-tweet] This is the first time Respawn Entertainment officially responses to the incident, but the effectiveness is still unknown.
Apparently the C-level of Electronic Arts has begun taking action to deal with rampant cheats after the incident, because they were slapped in the face by Destroyer2009 on ALGS.[^wuwei-video]
[^wuwei-video]: https://www.youtube.com/watch?v=czjgDjoPVqs
## Related Incidents
Destroyer2009 gifted thousands of packs to some streamers without paying money, and spawned many bots in games[^destroyer2009-bot-video]. They seem to have some kind of control of the server to achieve these.
Nevertheless, it could be many possibilities:
- They can directly access to the server.
- The server doesn't check malformed packets sent by clients, so a modified client can do something "impossible" easily.
- Also, some people think spawning bots is completed by using legacy functions in the game because there was a Halloween mode spawning NPCs; abuse of legacy functions to cheat has existed for a while, such as dual gun cheating, etc.
[^destroyer2009-bot-video]: https://www.youtube.com/watch?v=99c90qO3Nok
## External Links
- [Competitive Apex Hacking Incident Megathread](https://www.reddit.com/r/CompetitiveApex/comments/1bhf6pt/competitive_apex_hacking_incident_megathread/) on r/CompetitiveApex
- [Apex Legends Vulnerabilities - Breakdown and Interview](https://www.youtube.com/watch?v=-1zxjGxpnqA) on YouTube
- [Apex Legends Vulnerabilities - Investigation and Wrap Up](https://www.youtube.com/watch?v=jHf6dkgXfVg) on YouTube
[^genburten-hacked-clip]: https://www.twitch.tv/genburten/clip/SparklingDarlingApeKlappa-iYd-e5Nns_gMcGuv
[^imperialhal-hacked-clip]: https://www.twitch.tv/tsm_imperialhal/clip/VivaciousBlightedShrewPeanutButterJellyTime-7ImgntRgQpMUob8g
[^eac-tweet]: https://twitter.com/TeddyEAC/status/1769725032047972566
[^apex-tweet]: https://twitter.com/Respawn/status/1770285073688137762
[^naughty-tweet]: https://twitter.com/StayNaughtyy/status/1770234530357494022