For as long as there have been video games, there have been people willing to find a way to cheat. Enthusiasts have long dedicated themselves to finding vulnerabilities in games, often with the goal of developing cheats that they can share or sell. But ever since online competitive gaming became a legitimate profession, this hobbyist hacking has transformed into an industry that sells unfair advantages to those willing to pay.
Developing and selling video game cheats can be a lucrative business, and video game developers have had to strengthen their anti-cheat teams in recent years. More companies are taking the somewhat controversial step of deploying anti-cheat systems that run at the kernel level. This means the anti-cheat has the highest privileges on the operating system and can potentially monitor everything that happens on the machine on which the game is running.
One of the most notable kernel-level anti-cheat systems is Vanguard, developed by Riot Games. Riot makes popular titles such as the multiplayer online battle arena game League of Legends and the online first-person shooter Valorant.
Essentially, Vanguard “makes you see forced cheats,” said Phillip Koskinas, director of Riot, who describes himself as an “anti-cheat craftsman” placed on this earth for one purpose: banning cheaters from online video games.
According to a chart shared with TechCrunch, Riot bans thousands of cheaters every day thanks to Vanguard and the anti-cheat team led by Koskinas.

Riot’s efforts seem to be working. As of early 2025, the percentage of Valorant “ranked” games (meaning competitive matches) with cheaters is under 1% worldwide, the company says.
In an interview with TechCrunch, Koskinas detailed the various strategies that Riot’s anti-cheat team uses to fight cheaters and cheat developers. These include taking advantage of the security features of the Windows operating system, fingerprinting cheaters’ hardware to stop repeat offenses, limiting what the cheating community can do, playing psychological games, and belittling cheaters.
“We can make them look like fools.”
Much of what Koskinas and his team can do comes from Vanguard having the deepest level of access to gamers’ computers. To eliminate cheaters, Vanguard makes use of some of the security features already built into Windows.
First, Koskinas explained that anti-cheat software “nearly universally” uses some of the most important security features, such as the Trusted Platform Module (a hardware-based security component) and Secure Boot. These two technologies check whether the computer has been altered or tampered with, for example by malware or cheats, and in that case prevent it from booting. Vanguard then checks that all of the computer’s hardware drivers, which allow the operating system to communicate with the hardware, are up to date, in order to identify additional hardware that enables cheating. Finally, Vanguard prevents cheats from loading and running code in kernel memory.
“Essentially, we use or enforce all the security features that Microsoft and hardware manufacturers use to protect their operating systems,” Koskinas told TechCrunch. “We need a play area where we can play. We need to have a certain level of security in place.”
But technology isn’t the only way to fight cheaters. It is also about understanding the cheaters themselves and how they work.
Koskinas’ team has a “reconnaissance department,” he said. Its main responsibility is to obtain and catalog threats. The team obtains some of them by using sock-puppet identities that have for years permeated the community of cheaters and cheat developers, which resembles a fulfillment business.
“We even provided anti-cheat information to establish credibility. We assume it’s ours [reverse engineered],” Koskinas said. “And make sure you take advantage of our path to something that’s under development, then sit there until you launch it, get users and then ban everyone.”
Some cheat developers, as Koskinas describes it, sell only to a small number of customers, essentially marketing their products as high-end or “premium” cheats. These premium cheats cost thousands of dollars and are sold to just a handful of customers, Koskinas said.
Cheat makers use this strategy not only to reduce the risk of selling to undercover Riot workers, but also to limit sales to customers who are more aware of the risks of blatant cheating and of exposing the cheat.
These developers essentially sell “a reputation that they are not detected,” Koskinas said. One of the “strongest weapons” of Riot’s anti-cheat team is to publicly discredit cheat developers, for example by banning all of their players or by leaking screenshots showing that the team is inside their Discord channels.
“We can make them look like fools,” he said.
Koskinas and his team need to be careful not to come down too hard. By allowing a bit of cheating, within reason, Riot can slow gamers’ move to better cheats. “When you hit all the players each time, they just change the cheat until they find something undetected,” he said.
“We will slowly ban you to continue to make fun of fraud,” he added.
To stop repeat offenders, Vanguard can “fingerprint” the hardware used by cheaters (which effectively identifies their devices), making it difficult for those players to obtain new cheats and continue to cheat.
In a more psychological strategy, Koskinas and his colleagues also publicly troll cheaters, calling them “brainless pathogens” who “can’t do well in this video game.”
The cheater’s toolbox
With all of these methods and strategies in place, most cheating players can be roughly divided into two categories. The first represents most cheaters and is made up of people who are “angry cheating” by using inexpensive tools that are easy to detect. According to Koskinas, Riot employees ironically call these cheats “download A-Ban.”
“A lot of con artists, if you think about it, they’re a bit young,” he said. “Many of them have not grown yet. The way they engage in the game is cheating, and a lot of that action is like the power you feel when you do it.”
“They’ll come back and they’ll be banned and they’ll do it every weekend for the next two or three years… and eventually they’ll bump into puberty and it’ll work,” Koskinas said with a smile.
The second category consists of a small number of players who use premium cheats that are difficult to detect. These tools are known as “external” cheats, Koskinas explained, because they rely on real hardware as well as software.

One type of external cheat relies on direct memory access (DMA) attacks. DMA cheats require players to use special hardware (think of a high-speed PCI Express card) to extract all of Valorant’s memory to another computer, which is outside the scope of Vanguard and can scrutinize the game with dedicated hardware.
This lets the cheater’s separate computer identify other players and in-game objects such as walls, ammunition, and weapons. It then determines exactly where players and items are on the map, including objects that are invisible to the gamer. Next, using the firmware installed on the card, the cheat draws a radar on a second screen, locating rival players even when they are hidden and giving the cheater an unfair advantage.
According to Koskinas, more advanced versions of this type of cheat rely on HDMI fusers that feed back into the cheater’s main screen and overlay what is being read on the separate computer. In this way, cheaters don’t need to look at another computer’s display to see where opponents are.
These techniques allow cheaters to see through walls, known as “wall hacks,” and grant what is called “special recognition,” essentially an in-game superpower.
“I think we’ve detected a large part of it today, but it’s kind of iteration,” Koskinas said.
Next is the screen reader cheat. Here, the computer’s HDMI output is sent to a second computer, which detects and classifies what is on the game’s display, such as the head of an opposing player. The second computer then sends instructions to, for example, an Arduino mini-computer that is connected to the cheater’s mouse and controls it robotically, automatically aiming at other players, a type of cheat known as an “aimbot.” As Koskinas said, “Essentially, mice are controlled by machines for all intents and purposes.”
If the cheat works well, detection can be difficult, but Koskinas said that in the long run, cheaters “do not look like human players.”
“You need to humanize [the cheat],” Koskinas said.
Still, Koskinas admits that this technique is popular. The downside is that it requires a potentially expensive second PC with a fast graphics processor to quickly classify what’s happening on the screen and send instructions.
The future of cheating
Koskinas says he is worried about the use of AI for screen classification.
“It’s already here,” he said. “Especially in bravery with those bright outlines, you can do it with almost algorithms […] Press the fire key to see if the proportion of this box is sufficiently purple.” For context, Valorant’s characters have clear, vivid colour schemes.
Despite the security and privacy risks associated with anti-cheat technology with kernel-level access, Riot has no plans to abandon this approach, at least for Valorant. Otherwise, according to Koskinas, it would be too easy for a cheater to use kernel exploits.
In general, Koskinas is trying to be more transparent about Riot’s anti-cheat efforts, including by publishing several blog posts about how the company chases cheaters and by talking to journalists. He said Riot “has the most invasive anti-cheat by asking people to run their services at all times.” Players deserve to know how the company uses its privileges.
“The best thing you can do with asking for that level of access and being that way is to be as transparent as possible about opacity,” Koskinas said.
“We don’t tell you what’s under the hood, but we’ll tell you pretty much anything,” he said.