The most recent League of Legends exploit involves a back door into user accounts that allows the perpetrator to use the victim's IP and RP points.
The exploit has been generating a lot of discussion on League of Legends sub-Reddit. Basically, it allows hackers to access the game's store from a web browser, and not through the game client.
By doing that, the hacker gets access to a users "Summoner ID" and a session token, which are later used to make IP and RP transactions on behalf of the victim. And because you don't actually have to be logged into the victim's account, the victim doesn't get booted.
"We're getting this fixed right now, though we can't speak to the specifics of the exploit or the explanations fellow Redditors have been offering. What we can say is that we can see everyone who was hit by an attack, and we'll be returning all RP/IP that was lost," said a Riot representative.
"Since the store was involved, we also want to reassure you that this didn't expose any personal information like credit card numbers. Your data is safe."
You can take a look at what happens on the victim's screen when the exploit is used in the video below.