DDoS and hand injury but he still won worlds twice in a row

To think they still endured and won worlds. Insane

It's even more impressive T1 managed to win so many worlds with this bs

this is a real problem in multiple games, i got hit offline 2 times in a week by kids who have something called nightmare stresser or booter or something like that, i am getting sick and tired of this... if someone has a fix other than a vpn please tell me the vpn is too slow and laggy

Being able to DDoS people in solo queue is one thing, but being able to DDoS people during a professional match is unacceptable. Pro matches and/or scrims should not be pinging the RIOT servers in any capacity. It's unnecessary when we have the technology to create private servers that don't require an internet connection to the outside world. RIOT has billions of dollars in revenue every year and they actively choose to not use this type of setup during pro matches when it's stupid simple to do with their resources. Absolutely disgusting.

its obvious what's happening, clearly they're just writing the T1 player's names in the Lag Note

my best guess is gambling, if they can win money by ddossing to win bets...that's a lot of money and its a lot more money if they also own a betting platform.

knowing how useless riot is, I can Imagine someone from the comunity exposing them out, however that would not solve the problem, it is just shitty for everyone

The motivation is not clear? Please! You'd have to have been living under a rock to not see the gigantic hate this team is subjected to. More than anyone the EU fans. The team is the greatest of all time. Undeniably so and they do everything they can to sabotage the "T1 empire" as it's labeled every time T1 wins. A moniker that's not with positive intent but scorn. Trying to make them seem like oppressors. People can't accept that to beat them you just gotta git gud.

The chinese hackers thinking they would win a Worlds by ddosing t1

The reward is UP TO 100k This means that should you expose the hacker(s) and give riot the info, they don't have to give you all the money if they don't want to

Love these longer form style videos, always so well researched - keep them coming!

$100k is laughably small amount of money.. back in the days, hackers were hired if they can breach a company security. now, corporations try to sue you out of existence. They never want to admit that their cyber security is garbage, instead, they want to jail people who want to advance the cyber security space

With these i have more respect on Faker he stayed on this team for 11 years or more i think and still counting. It’s not easy to play for T1 great org but there are group of people out there trying to sabotage them.

What people not familiar with the Korean league scene outside of the pro scene don't realize is that the famous league streamers and 3rd party events and tourneys are getting ddos'd quite frequently even without T1 playing league. T1 is ofc the No.1 target of ddos whenever they stream, but there seem to be multiple attackers that are not related to each other. Like there's this one person who's been targetting one specific streamer and even stops ddosing for just one game after countless attacks because the streamer begged to stop. I'm assuming the attacker wanted to feel like a higher being than the streamer with this whole thing. I only heard this part from the streamer's fans, but it seems like this particular attacker understands Korean and has interacted with the streamer in such ways even the streamers realized they can communicate with the attacker. The streamers and 3rd party tourneys constantly getting ddos'd is ruining the casual league scene as streamers are playing league less, some completely stopping the league stream. A lot of these streamers are struggling because their fanbase is built on league, but they can't play league and therefore basically cannot make the same income as before. Imagine if Caedrel, Jankos, theBaus, Doublelift, Sneaky, Tyler1 etc all got ddos'd and tournaments like NNO cup got ddos'd too. I feel like there would be way more outrage right now. It's been awfully quiet for how many people are suffering in Korea. They've been getting ddos'd before T1 started getting ddos'd and they are still getting ddos'd right now constantly.

It's obviously the Chinese. Who else would do that? Those will surely do something like that.

it actually backfired and t1 won because of that. Just like in mma how fighters stopped sparring before fights because it cause unnecessary damage and fatigue so they are more fresh and powerful in the fight day. Same thing happened with t1 because professional players practice and play under so much stress they get a lot of wrist relax injuries but because of ddos they actually had less practice fatigue and more rest time. Giving them a chance to recover for even better performance. Professional are known to be push them selves too and there definitely is such a thing as over training.

Pretty insane documentary style video, good work Ryscu. I especially liked the animations you put in.

I'm really not getting the confusion there. The teammates of T1 are targeted, so improvements in the T1 infrastructure are irrelevant. Vanguard might have the same vulnerability as Xigncode, or maybe even the game itself. IP changing periodically is irrelevant here, just a waste of time. First, it's still pretty stable, second, the attacker target T1's teammates. $100k is still a very small bounty compared to the size of the problem.

DDoS being an issue in 2024 is just scream unprofessionalism for Riot DevOps and net coders, nothing more.

0:20 So Riot is offering itself 100k?

Still really sad that T1 can't stream to properly to this day. And people have the gull to hate them when the majority of the year, they can't practice efficiently, yet they still won Worlds. That's a slap in the face to the people hating them and DDoSing them.

Gangnam is a very elite, expensive district of Seoul, not a South Korean city, for anyone wondering. The video is great and these 2 may be my new favorite parasocial siblings

good stuff man, appreciate the content and it was well put together inormative and easy to follow. Keep it up man, i love this kind of stuff. Also i tip my had to you on the smooth transition into and out of the self promoting patreon add.

Seeing how cheap companies are with bug bounties is exactly why hacking is so prevalent as it is PayPal offering 300-5K for hacks that will cost them millions in fines is crazy.

I fondly remember that time someone said to me out of the blue "Im sorry myusername" in allchat seconds before my home wifi stopped working... we didn't have wifi at home for days ;D

You get a few things wrong in this video, a lot of it related to DDOS mitigations and bug bounties. The biggest thing you need to keep in mind is that the reason Riot put a $1 mil bounty is because the people that make money from doing this make way more than 10 or 15 thousand, so Riot needs to adjust reward so that someone will be willing to do something for it

The issue with this type of stuff is that if someone with the abilities wants to hack you, they'll be able to hack you regardless of what you do...

Keep in mind gen.g record season was only after t1 was being ddos..... face them at their best and you die like the rest.

Guys a Bugbounty up to 100k is a completely normal phrasing. It depends on how fatal the vulnerability is. If you find a bug that might be leading to a ddos but you can't proof ip Adresses leaking you still get money just not a 100k this is normal for bugbounties

100k should be the annual salary of someone who can keep a game like League safe...

T1 are the most profitable and watched org in the whole league, this attck didn't hit Riot as hard because T1 win the Worlds, if they somehow failed because of DDoS, their viewership gonna get hit so hard.

inside spy employed by another esports team that can't stand losing to T1 anymore. Shareholders pressure esports team why they cant win and so they invest in a dedicated hacker team

That people actually do this, what a sad bunch you must be

i do believe a high enough bounty will generate interest among cybersecurity experts and lead to the solving of this problem.

Brilliant video my bro. The quality is insane

Multi BILLION dollar companies offering mere thousands to tens of thousands for game breaking exploits...yeah sounds like people can sure retire and live a good life if they turned in the bounty, eh? That's a few months of rent at best, whereas selling the exploit in the black market can make 10x if not more. Being "good" means being shafted and underpaid it seems.

I suppose this is a decent video for people who are non-technical, but alas, I still want my 13 mins back (and the next 5-10 mins that I'll be spending explaining this, 'cause I'm bored). Anyways, to provide some insight - there's no world in which Riot doesn't know if it's their stuff that's aiding the leakage. It's basic and quick to be able to query who queried what information (as in, in their logs, see who queried the system in any non-standard way, and got those guys' IP, and if not possible, you could just go by hand, and be done in a few hours). This is the objective truth. I imagine Riot has talked with T1, and ensured them it's not on them, and if it was, it got patched. It'd also be basic to just do some enumeration and disconnection of certain devices at times, to see where/what/how gets hit. Riot (and, I assume, the police by now) have access or can ask the owners of partner websites/services to also provide access logs and things that'd allow them to see if someone from T1 is revealing their IP because they're accessing a certain website every day. A person mentioned that this is an ISP-level thing - come on, stop reading things on the internet you have no idea about. Such thing would immediately get caught, and nobody's risking such a valuable position to make a League team lose some money. While it is technically possible, and it'd be easy to see who's who, even if traffic is encrypted, it's *probably* not the case. The most likely culprit is someone from inside the team visits a specific website that they don't know the attacker has access and/or one of their devices is infected. Anyways, whatever it is, it's easy to find. The most interesting bit - assuming it's true - is Riot saying they don't want to close the DDoS tool. It could just be that Riot realizes the attackers won't do it either way, OR they're running a honeypot-stint-operation, and the attackers themselves don't know they've been compromised. I assume this is at the direction of the authorities, who are trying to set an example, by arresting everyone that paid for this tool. Very common. Anyways. Computers aren't this blackbox nobody understands. Things are very transparent, and easy to trace. Scaringly so. Riot knows what's up. I understand you need to make a video to appeal to people who aren't in the [basic] know, but come on. This is like a bad intro to a 1998 movie about hackers.

You just gain a subscriber by bringing light into this

Great video on explaining the situation!

Love how this is becoming a psuedo cybersecurity channel. Teaching a lot of people this stuff might bring greater interest in the field. Lots to learn.

Amazing content like always! Unfortunatly this was posted in a period where there is a lot of dumb league drama with insane click baits, this video was recommened to me many times in the past 2 days but I kept ignoring it thinking it was one of them : ( Thankfully today I read the channel's name and realized it was you! Hopefully this video will get more attention, as it's very clear a fenomenal amount of work was done in it, and it was very informative! Thank you for your amazing work!

Pretty nice that someone is shedding light on problems in lolesports. It's not like T1 as an org is single handedly carrying the esport or anything like that.

it could be someone in high position at riot, that would be consistent with the source code sold on the internet and not improving the game (the rank system) for 2 decades now...

The bounty is most likely to be claimed by someone involved with the attacks. It acts as an incentive for pulling the rip chord.

Why these events don't have dedicated LANs set up to only get updates and communicate with each other is beyond me.

If I were T1, I would fire the entire IT team. The most likely scenario at this point is that someone within the infrastructure team is leaking the ip address, or their network is comprised by someone who as direct access

LPL so desperate to bean T1 by any means necessary, that's my theory on who's behind it😂

They should make and sale more jinx skins instead of fixing this. Classic riot

You are telling me that the people responsable for writing the code of their own game can't figure out what is wrong is with it? But they expect the community to solve it for them? Wow... This is kinda like what I'd expect if Bethesda Softworks decided to enter the E-sports scene

I think their DDoser has access to their IP address from the ISP level. Someone is selling him this IP, or the attacker himself works in such an agency

5:40 if the disconnect was in germany, it was most likely a vodafone issue xdd

I love these kinds of videos! Keep up the great work! (Also, where can I find the older video?)

Those hackers might tryhard crying so bad but Faker the OG GOAT still managed to get two-time World Championship, its like a biggest "L in the forehead" for those tryharders DDoS attackers bruh.

The AC probably has a function that grabs “player_client -> IP” (stored data) the cheating tool probably just reads that memory or data, thus avoiding trying to reverse player_data to grab ip

if that was someone trying to resell 250 $ skin for cheaper they would send fbi

nice video! really well made

Riot/Tencent is a Chinese company. LPL/Chinese server one of the biggest/profitable. LPL keep losing to LCK. once T1 lose on the World stage against an LPL team, i bet the DDoS attacks will stop.

It’s clear that this issue is far from isolated. Riot Games, as a multi-billion-dollar company, should have the resources and infrastructure to prevent these attacks from ever occurring. The fact that this is still happening, and that T1 players are being forced to compete under such conditions, is a disgrace to the entire competitive scene. Fine, anyway, Riot isn’t doing anything serious in my opinion - just cheap patching. so...yea let s buy more skins i guess:)

One YEAR after the first attack Riot offers a bounty? Laughable. Clearly Chinese-owned Riot doesn’t actually want to help T1/Faker who’s single-handedly raked in the most money, viewership numbers, and enduring popularity for them.

3:20 "There once was a vulnerability with League's code." *Classic Riot.*

100k for a problem that the whole of riot cant solve is a joke, if i had that amount of knowledge under my belt, i don't think i would be moved for less than a millon...

Not every ip is dynamic. Most ipv4 addresses are due to the 32-bit limit. But especially companies like to get static IPs. Because from an IT perspective, it's much easier to manage them.

I don't know what this person or group think they're doing, but this cowardice is unacceptable.

People don't realize that 100k for a bug bounty is relatively high, although not as high as someone like google might pay. My guess is that someone on the inside at T1 has been leaking their IP addresses for cash and it doesn't have anything to do with Swiss Knife (anymore)

All that money and Riot can't manage to set up an isolated server for worlds... It's rly not that difficult and it ensures that outside interference is impossible.

Riot paying more money to find these people, than the NYPD was to catch Luigi.

This reminds me of lemmino, very good production

Please support Riot Games by spending money to gacha so Riot Games can overlook and do nothing. YAY

Thanks for the content.

i don't have any evidence but here's my list of suspects: gambling sites, corrupt isps, jealous dota2 players

Riot hosts Lan events that cant be played because the match server gets ddosd. They are hugely incompetent.

what happens when youre chronically online :

T1: Hey Riot, can you stop these DDoS attacks? It's affecting your most popular team. Riot: Nah, our resources are being used through AI skins instead.. But hey, look, we implemented a GACHA skin mechanism, cool right?

oh shiiii new Ryscu video

My theory was always that there's an insider at an ISP or Riot who was leaking their IP, is that not the most obvious answer?

"up to a 100,000" u know dam well they gonna skimp out

1:10 - IP numbers can only be in the range from 0-255 so shown can't be an IP

won't it be faster for them to pretend as an outsider offering a bounty to disrupt t1 then reverse engineering the approach into a solution to fix?

the reason they lost some finals turanment... they even didnt practice properly...😢😢

ddosers such a good ppl they try so hard to make t1 touch grass but no use and even get marked as a vilian smh

Your videos are starting to become more of a piece of art rather and I'm not complaining about it. This is amazing.

I don't see any comment about this possibility but for me this screams SOCIAL ENGINEERING so hard. Someone inside T1 facilities is being paid hard to leak the IP of the facilities where they are. It stinks

You should arrest whoever thought 172.90.225 is an IP address, you should redo high school.

The bounty is bait. They trying to get one of the hackers to expose themselves. Bet there's a team of Korean FBI waiting to claim the bounty.

im sorry did u say anything in this video besides the fact that t1 are getting ddos’d and we dont know why and riot put up a big bug bounty for it? i feel like that could be covered in a short

Have we considered the possibility it is iwd

My theory is that this isnt only happening to people in korea, i used to get target ddosed when i play league in higher elo in NA.. the only way to reconnect was to use a mobile tether.. i wonder if these random solo q players started to use VPNs maybe that would make it harder for hackers to get their ip.

I get definitive fern vibes from this video brother. The production quality is INSANE

Funny thing is, there was one guy, who made so many things, for free. I would say, that Hawolt would had that problem already solved, if they didnt sue him xd

T1 is the most watched league team in Korea and probably in the world if the ddos is made by zombies, I mean, fan infected they will find a way to watch their loved players and therefore point the virus to ddos them. Or at least if something similar is possible T1 is the most logical target due to being so famous and followed. But probably is not that simple ^_^

Theses ddosing is just hacker helping them to get stronger, not gameplay wise but in mentally. And League is a mental game. You know the rest

This video is 1 second short of being 1337.

This wouldnt happen if Vangaurd let you sign in with a VPN active, no? (Without knowing a lot about cyber security) i think its crazy how many "anti-cheats" dont allow VPNs active while you play...

mentioned his patreon right after explaining what a botnet is. hmmmm, i think we just become part of YOUR botnet when we join your patreon huh? HUH?! :)

Are the graphics AI?? 0:53 The IP address here only has 3 numbers and the one at 1:10 has a number that goes above 255.

so this is why I've been losing my iron matches... they've targeted me!!

The attacker works in the building

crazy that riot is planning on allowing betting while they haven’t fixed this issue yet. or maybe that was their plan all along?

Create 2-3 proxy servers for with daily rotating ip addresses that act as the connection between their isp and their internal network.