Respawn postpones Apex Legends Global Series finals after a mid-match hack

The “TSM HALA HOOK” hack tool was used to provide unfair benefits

In an unexpected turn of events that has rattled the esports world, players in the Apex Legends Global Series (ALGS) were subjected to live hacking attacks. The ALGS, a famous tournament series in the battle royale genre, experienced a security compromise during its North American finals, casting doubt on the event's competitive integrity.

The hacking incident occurred during Match 3 of the NA finals, which featured teams DarkZero and Luminosity. Noyan “Genburten” Ozkose, a DarkZero player, was abruptly confronted with a cheat tool called “TSM HALAL HOOK” on his screen.^[1]

This technology appeared out of nowhere, allowing Genburten to observe all players' positions on the map, giving him an unfair edge. The situation gradually deteriorated, prompting Genburten to leave the game and putting his team at a disadvantage. Despite the disruption, the match was not called off, and Luminosity was proclaimed the winner.

The hackers did not stop there; they launched a second attack on Phillip “ImperialHal” Dosen, arming him with an aimbot. The tournament officials intervened, suspending the game as a precaution against additional tampering.

The motive and methods of the hackers remain unclear

The breach of security during the ALGS finals was orchestrated by individuals operating under the aliases “Destroyer2009” and “R4ndom”. Evidence of their involvement was visible in the in-game chat window on Genburten's screen when the cheat tool was launched, bringing the situation to light. This surprise infiltration not only disrupted the ongoing competition but also sparked concerns about the vulnerability of professional gaming events to similar attacks.

The individual claiming responsibility for the hacks, allegedly “Destroyer2009,” later revealed through social media interactions with the “Anti-Cheat Police Department,” a well-known entity for monitoring online game cheating, that a remote code execution (RCE) vulnerability was used to carry out the attacks.^[2]

Remote code execution vulnerabilities are particularly dangerous since they allow attackers to remotely execute malicious code on a target device, potentially giving them complete control over the compromised systems. These vulnerabilities can be caused by a variety of factors, including, but not limited to, defects in the game client, anti-cheat software used to ensure fair play or even the players' own hardware and software environments.^[3]

The particular entry point used by the hackers was not exposed, allowing the community and experts to speculate. This ambiguity over the nature of the vulnerability and how it was exploited contributed to an increased sense of concern and uncertainty within the Apex Legends community.

Anti-Cheat was not found to have an RCE

Many people initially believed there was an RCE bug in the Easy Anti-Cheat software, which was designed to prevent exactly this type of unfair advantage. However, Easy Anti-Cheat's thorough examination put this hypothesis to rest, and they confidently stated the absence of any such vulnerability within their system.^[4]

We have investigated recent reports of a potential RCE issue within Easy Anti-Cheat. At this time – we are confident that there is no RCE vulnerability within EAC being exploited. We will continue to work closely with our partners for any follow up support needed

Following this, in a statement addressing the incident a few days later, Respawn Entertainment expressed its commitment to player security:^[5]

On Sunday, a few professional Apex Legends player accounts were hacked during an ALGS event.
Game and player security are our highest priorities, which is why we paused the competition to address the issue immediately.
Our teams have deployed the first of a layered series of updates to protect the Apex Legends player community and create a secure experience for everyone. Thank you for your patience.

Following Respawn Entertainment's revelation regarding the hack, there has been a lingering sense of unease in the Apex Legends community, particularly among PC players. The statement, while reassuring in its commitment to immediate action and future security enhancements, left many details about the hack and the countermeasures undertaken somewhat ambiguous.

This lack of preciseness has raised ongoing questions about the game's security infrastructure and whether the vulnerabilities discovered during the ALGS event were adequately fixed. As a result, a portion of the player base remains concerned about the safety of playing Apex Legends, eagerly anticipating additional confirmation from Respawn on the efforts being made to strengthen the game against such instances.