6 April 2022

Cyrex Hacking Roundup: April

As Easter rolls around the corner, a new wave of hackers has begun hatching their latest schemes. From crypto heists to DDoS attacks, we have the biggest and latest stories in gaming industry security. So stay informed, and stay secure with our latest Hacking Roundup!

Elden Ring endless death cycle patched

Our first hacking roundup story revolves around one of the most anticipated games of the year, Elden Ring. Developed by FromSoftware and published by Bandai Namco Entertainment, the critically acclaimed game fell prey to hackers. These malicious actors targeted and infiltrated PC users' games, causing them to crash. To make matters worse, once players restarted and logged back in, they were thrown into a frustrating endless death cycle.

Fortunately, FromSoftware quickly responded to these customer complaints, releasing the latest patch update. The patch resolved the issue and a few other bugs, including one in multiplayer that allowed players to teleport others to incorrect map coordinates. You can view the patch notes here.

DDoS Among Us servers' sabotage

Players of the popular online multiplayer social deduction game Among Us struggled to connect to its servers at the end of March, when the servers faced a DDoS attack. The attack originally went unnoticed by developer Innersloth. However, after receiving numerous complaints from players unable to log in, they quickly took their European and North American servers offline.

Innersloth kept updating their fanbase on Twitter, announcing they were doing everything to resolve the issue. The DDoS attack proved to be quite a hindrance, as servers remained shut down for over four days. Fortunately, Innersloth seemingly resolved the issue, and the servers appear stable again. Hopefully, they won't face any more problems going forward, and their players can return to their tasks uninterrupted!

Crypto Hackers steal $625 million from Axie Infinity

Saving our biggest and (not so) best story for last, popular play-to-earn blockchain game Axie Infinity suffered one of the biggest crypto hacks in history last month. Developer Sky Mavis was the victim of the major hack, in which $625 million was stolen in a combination of USD Coin and Ethereum. The attacker used hacked private keys to forge two fake withdrawals from Ronin, an Ethereum-linked blockchain platform used for the game.

While the attack occurred on March 23rd, the developers only noticed the attack on March 29th. This delayed response has many specialists concerned about the lack of security, with Wilfred Daye, head of Securitize Capital, recently stating, “nobody notices for six days screams aloud that some structure should be in place to watch illicit transfers.”

Axie correspondents have announced that they are currently working with a number of blockchain data firms and have identified this attack as an external breach, rather than a technical flaw. The team are currently monitoring the stolen funds, handling forensics, and attempting to recover the funds for the game’s players and their own account, saying they’re “committed to ensuring that all of the drained funds are recovered or reimbursed.”

To catch up with our previous hacking roundup, check out our February article, where we covered the latest hacking news surrounding Halo Infinite and many more.

To discover more about Cyrex, check out our blog and portfolio page. We also offer comprehensive manual penetration testing for games and non-gaming applications. For any other questions, please get in touch.