Having dug into the #ApexLegends hack from Sunday I have two theories, but first a little background. If you have no idea what I'm talking about, here's an article about it: https://techcrunch.com/2024/03/20/apex-legends-hacker-said-he-hacked-tournament-games-for-fun/.

I have played Apex since it was released and something that's always stood out to me is how server authoritative it's seems to be. My friends and I have noticed that a lot of stuff that you might expect to be client interpolated is actually in sync between our clients even down to animations curves.

My two theories both rest on the same idea: I don't think the hacker had client RCE via the servers nor do I think they compromised the two affected players. I think they found a way to control the server(either RCE or some protocol vulnerability). The aimbot and wallhack that was enabled for the two effected players I suspect are QA tooling that is present in the game and can be enabled from the server. Likewise the supposed "cheat" UI that was shown on one of the players screen I also believe was rendered in response to server instructions. This tracks with how server authoritative Apex is. It does not feel out of the question that the protocol is rich enough to instruct a client to render bespoke UI. The hacker has also been known to spawn bots to harass prominent streamers, something that could also be explained, not by RCE on the servers, but by existing QA/support for bots that the hacker is able to trigger.

As for the two theories: I think either this is a cheat developer who has discovered these flaws by reverse engineering the protocol or, less likely I think, it's a disgruntled employee who was fired in the layoffs that occurred a week ago.