If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

League of Legends exploit allows hacker to spend victim's RP and IP points 

The most recent League of Legends exploit involves a back door into user accounts that allows the perpetrator to use the victim's IP and RP points.


The exploit has been generating a lot of discussion on League of Legends sub-Reddit. Basically, it allows hackers to access the game's store from a web browser, and not through the game client.

By doing that, the hacker gets access to a users "Summoner ID" and a session token, which are later used to make IP and RP transactions on behalf of the victim. And because you don't actually have to be logged into the victim's account, the victim doesn't get booted.

"We're getting this fixed right now, though we can't speak to the specifics of the exploit or the explanations fellow Redditors have been offering. What we can say is that we can see everyone who was hit by an attack, and we'll be returning all RP/IP that was lost," said a Riot representative.

"Since the store was involved, we also want to reassure you that this didn't expose any personal information like credit card numbers. Your data is safe."

You can take a look at what happens on the victim's screen when the exploit is used in the video below.

Thanks, PCGamer, Toruks.

Topics in this article

Follow topics and we'll email you when we publish something new about them.  Manage your notification settings.

About the Author
Sherif Saed avatar

Sherif Saed


Sherif is VG247’s go-to shooter and Souls-likes person. Whether it’s news, reviews, or op-eds – Sherif is always eager to tell you about video games. Sherif is based in Egypt, a fact he’s working diligently to change, if only to have more opportunities to hike.

VG247 logo

Buy our t-shirts, yeah

They're far more stylish than your average video game website tat.

Explore our store
VG247 Merch