An attack on the competitive Apex Legends scene the likes of which we’ve not seen in esports crippled the battle royale and its community on March 17.
A hacker is suspected of injecting cheats directly into ALGS players’ PCs, causing an indefinite region-wide shutdown. From the worries of a major Apex security breach to the status of the ALGS, the incident has far-reaching consequences for the Respawn battle royale. Here’s everything you need to know about the March 2024 ALGS Apex breach.
Genburten, ImperialHal hacked mid-tournament
The Apex hacking incident in question began midway through the ALGS North American Split One finals on March 17. During game four, DarkZero player Genburten froze momentarily midway through the game while a window called “TSM Halal Hook” appeared from nowhere with a list of tools and hacks enabled on his account.
His chat window spammed a message from known Apex cheater Destroyer2009 and Genburten had full access to the Apex observer tool, which included knowing the exact locations of everyone in the lobby—for all intents and purposes, a wallhack.
A flabbergasted Genburten held up his hands to show he had no control over the cheat window that appeared before immediately leaving the game to avoid accusations of cheating, but it wouldn’t be the last incident of the day. TSM player ImperialHal was hit shortly later with an aimbot while firing at an enemy in the distance, his bullets flying off to hit an unseen target in the distance.
Unlike Genburten, ImperialHal remained in the lobby, refraining from firing his weapon until the server was shut down by admins. After attempting to queue for a regular ranked match, ImperialHal and teammate Verhulst were given bans and competitive cooldowns.
Apex creators suspect RCE exploit, call for mass uninstall
Following the shutdown, the Apex community was sent into a frenzy. While the source of the hack, Destroyer2009, was all but confirmed given the messages in the chat, the unknown method of the hack has left players and fans panicked.
One such theory is a remote code execution (RCE) exploit, which allows a hacker to execute code remotely on another PC. A vulnerability may exist in the Apex client or the game’s anti-cheat, Easy Anti-Cheat (EAC), that allowed Destroyer2009 to install cheats onto the player’s systems. As Apex runs on a modified version of Valve’s Source engine, one person believes an older RCE exploit may still exist and is in use by Destroyer2009.
Destroyer2009 themselves claimed in a message to X user @AntiCheatPD that they were using a known RCE exploit. It’s a serious concern if the vulnerability exists in a game as huge as Apex, and many players are rightfully worried. AntiCheatPD, among others, is calling for players to immediately uninstall Apex until EA or Respawn addresses concerns publicly.
ALGS NA delayed: Where to from here?
After admins shut down the server, the Apex Esports team postponed the ALGS NA final “due to the competitive integrity of this series being compromised.” It is unclear at this time when the ALGS NA final will resume, or whether other regions will be impacted. Dot Esports has reached out to the esports organizers for further details.
It’s clear many Apex fans are waiting for EA or Respawn to make a longer public statement addressing the security concerns, but for the good of competitive integrity, the esport cannot be allowed to operate until there is no way today’s actions can occur again. It’s a serious blight on the battle royale both casually and competitively, and the longer players are kept waiting, the more damage will be done to Apex in the long run.
This article will be updated with more developments.