[UPDATED] Asset Transfer Exploit Update
Updated November 27th, 2024
Investigation Update
We expanded our investigation to additional game modes and cross-referenced this against blockchain data on transfers, based on this analysis we have cleared 20 accounts from the original list of 65 accounts.
Token Rewards for October Leaderboards on all cleared accounts are due to be distributed today (27-Nov-2024). Remaining accounts have been permanently banned. We believe the current measures have closed this exploit, and we will now perform the analysis retrospectively on past month Leaderboards to ensure the integrity of the playerbase.
Phase 1 - Complete: Accounts that exploited tainted assets in October Endless Mode, 29 accounts banned.
Phase 2 - Complete: Accounts that exploited tainted assets in October Arena, Rush, Guild Boss modes. 16 accounts banned.
Phase 3 - Ongoing: Accounts that exploited tainted assets in any competitive mode. Accounts affected TBD
——————————
Greetings, Commanders!
Today, we want to address a critical exploit brought to our attention 2 weeks ago. This exploit allowed users to access NFTs they did not own by transferring assets out before the game’s wallet synchronisation procedures could be completed. Most concerning were reports of a “tool” that had been developed to systematically and efficiently abuse this exploit.
This behaviour goes against the core principles of Web3 digital ownership, and are a direct contradiction of our stated Terms of Service. Upon receiving evidence of this exploit, we convened an emergency team meeting to determine the next steps.
Actions Taken
- Hotfix Implementation: Within 24 hours, we deployed a hotfix to prevent future exploits of this nature.
- Blocking October Token Rewards: We withheld token rewards from any accounts suspected of interacting with high-risk assets, identifying 65 accounts exhibiting anomalous behaviour indicative of exploitation.
- Account Suspensions: Based on circumstantial evidence submitted to us, and our internal analysis of suspicious behaviour we have placed temporary account suspensions on these users while we perform forensic deep-dive analysis of their account behaviours.
- Permanent Bans: Preliminary investigations have already revealed that 29 accounts have simultaneously used two high-risk assets in GOG’s Endless game modes during the investigated timeframe. These accounts have been permanently banned. The deep-dive analysis will continue for all game’s other competitive modes and will be expected to conclude by the end of the month.
Steps 1 and 2 were executed within the first 48 hours of the incident, allowing the October token leaderboard distribution to resume. Step 3 and 4 required a more thorough investigation, as the seriousness of this exploit warranted permanent account bans. We have taken the time to ensure our evidence was comprehensive and the process was fair. The team thanks the community for their patience.
Implementation of Account Suspensions
Based on evidence submitted and our own internal analysis of behaviours correlated with the exploit we have flagged a list of accounts that have both exhibited anomalous behaviour and/or documented evidence of participation in the exploit. Beginning today all accounts in this list have had their accounts suspended pending further investigation.
For these accounts we will under-take a deep-dive into historical account behaviour, taking into account clear proof of participation in the current exploit, previous warnings, and records of other bad-behaviour (e.g. evidence of multi-account behaviour, evidence of other bug exploits), where appropriate these suspensions will be reversed in due time if they are cleared. We will not be sharing the identities of these accounts.
Implementation of Permanent Bans
For some accounts deep-dive analysis has already revealed their participation in the exploit, and beginning today, we will implement permanent bans on offending accounts in three phases as our deep-dive investigation continues:
Phase 1, Immediate: Accounts that exploited tainted assets in October Endless Mode, with 29 accounts affected.
Phase 2, by Nov 22, 2024: Accounts that exploited tainted assets in October Arena, Rush, Guild Boss modes. Accounts affected TBD.
Phase 3, by Nov 30, 2024: Accounts that exploited tainted assets in any competitive mode. Accounts affected TBD
Closing Note
We thank the community for its support and vigilance. Exploiters have undeniably impacted the competitive integrity of our game, and we remain steadfast in our commitment to protecting our ecosystem. Together, we can ensure a fair and engaging experience for all players.