FR EN DE ES IT PT
Browse forums 
Ankama Trackers

Ogrines Market Exploit / Possible Rollback

By #[Izmar] - ADMIN - June 04, 2012, 10:24:51
DevTracker Announcements

Late Sunday night, an exploit was discovered in the Ogrines/Kama market. This exploit did not allow players to steal kamas via the Ankabox system (as it was rumored) but it did allow some players to generate kamas from the Ogrines Market.

The Ogrines Exchange has since been taken down for maintenance and the flaw has been corrected.

At this time it seems that a rollback on some servers is unavoidable. However, we are conducting extensive reseach to assess how each server has been affected by this exploit and adapt the measures that we are going to take based on these studies. At this time, we cannot give a definitive list of which servers will be rolled back or for how long.

We will, however, update you as the situation develops and inform you about the steps we are planning to take.

Even though the exploit has been corrected, until we can determine the severity of the actions we will need to take I strongly suggest that you wait before undertaking any major projects in-game. It is possible that some servers will be spared a major rollback, but it is always better to be safe than sorry.

The players who abused this exploit will be sanctioned.
The entire team wishes to thank the players who brought this problem to our attention.

On the behalf of all our teams, I deeply apologize for this inconvenience and thank you for your patience.

Reply
First Ankama intervention

We are continuing our investigations into all of the servers and accounts that have been affected by this exploit. The exploit has only existed in the marketplace since late last week, therefore, the maximum amount of rollback possible may be several days. However, we will still do our best to see to it that any rollbacks that are necessary are as short as possible, and any server that doesn't require a rollback will not be touched.

We will communicate with you more as the day goes on.

Thank you again for your patience.

See message in context
Reactions 2

We are continuing our investigations into all of the servers and accounts that have been affected by this exploit. The exploit has only existed in the marketplace since late last week, therefore, the maximum amount of rollback possible may be several days. However, we will still do our best to see to it that any rollbacks that are necessary are as short as possible, and any server that doesn't require a rollback will not be touched.

We will communicate with you more as the day goes on.

Thank you again for your patience.

Reply

Update!

The flaw that caused this issue was introduced into the Kama Exchange on Thursday, May 31 after a maintenance operation. During this procedure, the protection that normally prevents exploits like the one that caused this issue stopped working.
This loophole allowed cheaters to duplicate large amounts of kamas by creating fake offers on the Kama Exchange on several game servers.

In spite of rapid reports on the forums starting on Friday night and an investigation by our weekend server team on Friday and Saturday, we were unable to find any instances of this exploit right away, which led the team to believe that the reports were erroneous. This is because the reports attributed the problem to the Ankabox system, which was unrelated, and this is why a report was posted on the French forums on Sunday saying that there was no exploit in the system. Unfortunately, the flaw was definitely real, but our team was not able to identify the real exploit until later on Sunday.

When the issue was identified on Sunday, the team immediately closed access to the Ogrines Exchange to correct the problem, but by this time, the cheaters had already created significant damage across multiple servers by injecting excessive amounts of falsely generated kamas, which destroyed the economies of the servers. This is why we announced the strong possibility of rollbacks that could be necessary to correct these problems.

Today, that is Monday, our team focused their attention on the Kama Exchange logs for each server over the weekend in order to clearly identify the cheaters, the amount of kamas they had generated, which servers they generated the kamas on, and what they did with those kamas. This was with the intention of reducing the number of servers that required a rollback (if the cheater simply stored the fraudulent kamas, instead of injecting them into the economy by purchasing items through the Marketplaces and Merchants, the impact on the server was not as damaging).

The flaw was relatively easy to discover, but fortunately the number of cheaters was limited. Approximately 500 players exploited the error, but almost 98% of the kamas that were generated were created by less than 30 players. The small number of extreme cheaters helped speed up our team's investigative work.

And thanks to this research, we were able to adapt the measures that we needed to take in order to correct the impact of the exploit on the servers. This means that we are able to limit the number of servers that require a rollback to the following list:

Kuri will be rolled back to a save taken at 00:01 on May 31
Silvosse will be rolled back to a save taken at 00:01 on June 1
Many, Pouchecot, Hecate, Jiva, and Djaul will be rolled back to a save taken at 00:01 on June 2
Crocoburio, Helsephine, Bowisse, Menalt, and Hyrkul will be rolled back to a save taken at 00:01 on June 3

The servers listed above will be taken down at 5:20 PM (DUT) on Monday to make the necessary rollbacks. All other servers will not be affected.

All other servers have either been spared by this fault, either because the generated kamas were traced and elimitated before they could be injected into the economy, or the number of kamas that were generated was too low to have a significant effect on the server.

Our priority today was to address these problems as quickly and intelligently as possible and allow you to play again peacefully. But we have not lost sight of the fact that we need to think about the future and consider the possibility of compensation for the inconveniences caused by this problem.

Although we freely admit that Ankama is primarily responsible for this problem and that it is our responsibility to provide a game that does not allow for this type of exploitation, we must not forget that it is the dishonesty and greed of certain players that blew this problem up to a crisis of epic proportions. The players who found and exploited this weakness will be punished severely, all of their accounts will be banned permanently.

Finally, we would like to profusely thank the many players who have reported this issue by Ankabox, tickets, or the forums. Their reports and explanations were very helpful in resolving this crisis. Ankama thanks you sincerely for your honesty and motivation!

And again, we apologize to you all for the inconvenience and worry that this issue may have caused you. We are well aware of how this situation has made life difficult for you, and tomorrow we will discuss what compensation we can provide to match the extent of that damage to your playing experience.

Reply
Respond to this thread