Fun, lack of bounty for security bugs motivated Apex Legends hacker: report

Destroyer2009, the hacker who was responsible for shutting down the Apex Legends Global Series NA qualifier, admitted in an... Paolo | 26. March 2024

Destroyer2009, the hacker who was responsible for shutting down the Apex Legends Global Series NA qualifier, admitted in an interview that he did the hack “just for fun.”

Destroyer2009 told TechCrunch in an exclusive interview that the end goal of the hack was to force Apex Legends developer Respawn Entertainment to fix a vulnerability he reportedly exploited.

This hack put Apex Legends on the map for all the wrong reasons – with speculation going online going as far as saying the game is no longer safe to play, and credentials may have been compromised.

“I really don’t want to go into the details until everything is fully patched and everything goes back to normal,” Destroyer2009 told TechCrunch. 

He said, the technique he used had “nothing to do” with the server, and he had not touched anything outside of the Apex process, as well as claiming he did not hack the computers of TSM player Philip “ImperialHal” Dosen and DarkZero player Noyan “Genburten” Ozkose.

TechCrunch claims Destroyer2009 declined to provide details of how he allegedly pulled off hacking the two players mid-game or which specific vulnerabilities he exploited.

Destroyer2009 told TechCrunch that he intentionally did not tell Respawn and publisher Electronic Arts because they do not offer a bug bounty program that financially rewards hackers and researchers for their own efforts in reporting security flaws.

“They know how to patch it without anyone reporting it to them,” he told the news outlet.

He also claimed he targeted both ImperialHal and Genburten because he felt the two were “nice guys”, as well as the act giving them “free views and attention.” The two did not respond for comment when TechCrunch asked for their statement.

“Just imagine if it wasn’t a joke and we didn’t put any memes in the cheat, I’m pretty sure you can ruin someone’s career if they had a cheat pop up on a tournament,” said Destroyer2009 in defense of his actions.

The cheat device had a “Vote Putin” button installed and was reportedly available for a cheating software that is not public.

Respawn and EA have not commented on the TechCrunch story, but have already announced earlier that they have deployed security updates following the incident.

“Our teams have deployed the first of a layered series of updates to protect the Apex Legends player community and create a secure experience for everyone,” said Respawn in its statement.  

“We are still actively working with our partners at EA and Respawn and remain committed to ensuring the security and competitive integrity of Apex Legends tournaments. At this time, we do not anticipate any changes to the Split 1 Playoffs. We will have more information to share on the Challenger Circuit and the NA Regional Finals soon,” they added.

Easy Anti-Cheat or EAC, the software used by Respawn Entertainment for Apex Legends, earlier came up with a tweet apparently referencing what had happened in the ALGS, saying, “we have investigated recent reports of a potential RCE issue within Easy Anti-Cheat. At this time – we are confident that there is no RCE vulnerability within EAC being exploited. We will continue to work closely with our partners for any follow up support needed.”