Last weekend the North American finals of the Apex Legends Global Series was abruptly called off after two players suffered mid-match hacks that enabled cheating software. The word is that this was down to a remote code execution (RCE) exploit, a particularly nasty form of intrusion that's such bad news that Easy Anti Cheat (used in Apex) was stung to issue its own rebuttal asserting "there is no RCE vulnerability" in its software.
Easy Anti-Cheat got out of the gate before EA and Respawn, but the Apex developer has finally commented on the incident. Not that it's saying much.
"On Sunday, a few professional Apex Legends player accounts were hacked during an ALGS event, " says a Respawn statement. "Game and player security are our highest priorities, which is why we paused the competition to address the issue immediately.
- A Marvel Rivals player has uncovered 'one of the most dangerous vulnerabilities a game can have' that'll let cheaters take over your PC and find your passwords
- Marvel Rivals admits that it accidentally banned some players for trying to run the game in a different operating system, which isn't cheating
"Our teams have deployed the first of a layered series of updates to protect the Apex Legends player community and create a secure experience for everyone."
Well, that's all as clear as mud.
To give a brief summary of what went down, during the third match of the day player Noyan "Genburten" Ozkose of DarkZero suddenly found themselves using a wallhack and was able to see every other player. Ozkose dropped out of the match, fearing their team would be penalised. In the next match, Phillip "ImperialHal" Dosen of TSM was unexpectedly and unintentionally equipped with an aimbot. That match was abandoned, and the event was called off until further notice "due to the competitive integrity of this series being compromised."
The official Apex esports account re-posted Respawn's message, adding that: "At this time, we do not anticipate any changes to the Split 1 Playoffs. We will have more information to share on the Challenger Circuit and the NA Regional Finals soon. We appreciate your patience."
The caginess on EA and Respawn's part is down to the implications of an RCE exploit, which can be disastrous and lead to an attacker basically running whatever they like on the victim's hardware. Rockstar was forced to swiftly address a potential exploit in GTA Online last year, while in 2022 the entire Dark Souls series lost its PvP servers for nine months.
Conversely, this is why Easy Anti-Cheat's been so strong out of the gate in reponse to the hack—before this it hadn't tweeted since 2019. A game having an RCE exploit is one thing, but if EAC was the vector then all the other games it's used in could be potential targets (among them Fortnite and Elden Ring).
Apex Legends publisher EA has yet to comment on the attack. I've contacted both EA and Respawn for comment and will update with any response.
