This is not a post I enjoy writing, but it is important that we discuss things clearly and openly with the community.
We recently became aware of an infinite silver exploit being abused by several members of the Hear Me Roar Alliance. When we became aware of it, we closely monitored the affected accounts and found instances of silver increasing dramatically - at one point, a single account jumped by 14 million silver in twenty minutes. The vast majority of this silver was used to repair Hear Me Roar’s camps.
These exploiters were first pointed out through support tickets, and investigated by the Disruptor Beam Support Team. We understand how this exploit was done, and have identified the players involved. As a result, we are taking the following actions:
Hear Me Roar’s VP will be decreased by 40 million VP.
The exploiting players have been permanently banned.
Why remove 40 million VP?
We looked into whether we could clearly identify VP gained from the exploiting players. Previous AvA exploits and scripts relied on individual actions, such as many barter or fight actions. That was quite easy to find, total up, and remove. For this case, the silver went to keep camps repaired, so that the camps contributed their full VP per hour. Defining that exact amount would require days of work and verification, in addition to many assumptions. The exploiting accounts contributed 893,000,000 silver to camp repairs and upgrades (82% of the total), while all of the other Hear Me Roar members contributed 188,000,000 silver (18% of the total). The majority of the Ice Phase silver used up to 3/20/14 8:15pm EDT came from these exploiters.
Calculating VP due to repairs is difficult. There are a lot of assumptions involved, because an Alliance could spend 10 million silver in an hour of repairs, or 2 million silver for four hours of repairs. It all depends on the number of attacks that came in to an Alliance’s camps. After looking at the number of incoming attacks, the days that the attacks and repairs occurred, and discussing with the Hear Me Roar officers, we decided to remove 40 million VP. This VP will be removed proportional to their camp regions.
So we’re clear on the numbers involved, as of 3/20/14 8:15pm EDT (the time when all exploiting players were banned):
HMR had a total of 151,100,000 VP:
—77,500,000 VP came from AvA actions.
—450,000 VP came from AvA defenses.
—73,000,000 VP from camp and camp hourly contributions.
-Of that 73,000,000, a large portion was supported by 23,400 AvA Aid actions.
-Another large portion came from the silver repairs done by these exploiting accounts.
-A smaller portion came from other HMR members.
By removing 40,000,000 VP, more than half of camp VP earned this phase will be removed.
We brought this issue to the attention of Hear Me Roar’s leadership, and they have agreed to our decision.
Why go straight to a permaban for these players?
Sometimes, the severity of an issue is so great that we skip our typical ban procedures and remove an account entirely. It is not a decision we make lightly.
What about other phases? Were they affected?
I performed an audit of silver contributions for previous phases and didn’t see significant evidence that this was being abused outside of the ice Phase. This phase saw silver contributions an order of magnitude greater than the previous four phases. The data itself may be found below.
The leftmost outliers, aside from the exploiters, come from players who had large amounts of silver on their account before they began participating in AvA.
How confident are you that an exploit occurred?
Evidence for this:
—Manual recording of database transactions from the live database for two of the accounts, watching silver increase by several million in a minute or two.
—Outlier silver contributions that were an order of magnitude larger than previous phases.
—Aggregation of all quest completes, ptp barters, and other sources of silver to confirm that the silver gained by these accounts was far, far less than was contributed.
—Server logs indicating exploitation of buying and selling silver items by another of the affected accounts.
What about the exploit itself?
We’re plugging the holes that allowed this to happen. They should be fixed in a future update, and until then, we will be keeping a very close eye on the silver gains by Alliances.
We are also aware of several other exploits, and as part of our bugfixing focus these past few weeks, we have been plugging those holes. We will continue to do so in future updates. AvA is especially sensitive due to the competitive nature of the system.
But what if you’re wrong?
It’s always a possibility, but Khatie and I feel pretty confident that we both understand what was done, and who did it. Our engineers and QA team verified the exploit and were able to reproduce the issue, and the mechanism behind it is well understood. If we were wrong, we will reverse our decision, and of course every affected player will have a chance to appeal their ban.
What about Hear Me Roar?
Hear Me Roar is a huge Alliance. Their officers have helped us in the investigation, and it is important to note that none of their officers were involved. We’re confident that they’ll recover from this event, and we want to strongly note that the actions of a few players should not taint the vast majority of their players who play within the rules.
Since all players involved came from a single Alliance, we felt it was important to involve that Alliance in our discussions. For a competitive system like AvA, transparency is important for all parties. If you have any questions, please let us know in the thread.