Just a few days ago a user of ESEA’s Client reported that a memory dump of the actual process clearly shows that the client software was connecting to a Bitcoin mining pool and harnessing the GPU power of end users’ graphics cards for the personal gain of an ‘unnamed individual’ at ESEA.

The ESEA client which is described by its developers as:

“… a tool developed to help us further combat cheating and other server disruptions. Along with aiding in the fight against cheaters, the client is also a very handy way to have ESEA on your desktop.”

This sounds fantastic, the client combats cheaters and is also required to play on all ESEA game servers - but things weren’t as they seemed.

The forum topic on the ESEA forums quickly gained momentum as people unfamiliar with Bitcoins and the GPU intensive process involved in mining for the cryptographic currency started to get to to grips with what ESEA had actually being doing.

After winding up on Reddit the forum topic got huge amounts of coverage and answers were demanded.

Firstly one of the ESEA administrators Sean "Jaguar" Hunczak replied to the original topic stating that it was a joke:

“…holy jesus jump to conclusions why don't you

No your computers are *not* being used to mine. there was briefly a time when we explored the possibility of mining or letting users mine coins, but it was a joke by lpkane and the code was decidedly not used when we had discussed the issue further.

There was one issue regarding the subject that inadvertently occurred during a server restart very recently that i had to take care of, but that's NOT something that happened for very long, or for every user, and i made absolutely certain that will never happen again.

I formally apologize for the mistake in alarming any users, but there have been a number of updates recently regarding AC for the benefit of the community, and for that reason the servers have restarted several times recently leading to this overlook on my part.

Any users can feel free to PM me if they have any serious concerns regarding this, thanks, and I take responsibility for this.”

However I’m not quite sure how putting Bitcoin mining code into your client would net any laughs by the users affected let alone be constituted as a joke.

After ‘Jaguar’ replied in the forum topic an official statement was released on ESEA’s news feed by admin ‘Ipkane’ which went along the same ‘April fools’ joke story line in which he explained that:

“back towards the end of march, as btc was skyrocketing, jaguar and i were talking about how cool it would be if we could use massive amounts of gpus logged into the client to mine

we went back and forth about it, considered doing something for april fools, didn't get it done in time, and eventually elected to put some test code in the client and try it on a few admin accounts, ours included

we ran the test for a few days on our accounts, decided it wasn't worth the potential drama, and pulled the plug, or so we thought”

Ipkane then went on to say that the code was in the client but inactive and it was a recent server crash that caused the software to start mining for Bitcoins. He also tried to re-assure users that the client was only mining for a short period of time and only netted a total of 2BTC (Bitcoins) which at the time of posting was worth around about $280 USD.

As a System Administrator and IT Professional I can’t really explain how a restart or crash could make such changes, neither could the gaming community at ESEA.

Some gullible of naïve users took the announcement and answer but more and more questions followed as the more savvy users pointed out the significant flaws in these explanations.

Further down the forum discussion following the above announcement one user suggested that it would be an interesting feature to allow end users to offer up their systems for Bitcoin mining in order to forgo the subscription fee, Ipkane then replied stating that was the overall intention of the code.

So far nobody seems to be able to realistically state how this is A) an April fools joke and B) how a server restart enabled such features of their client.

More users started to pull the client apart and analyse the code, Ipkane then stated that the code was Mining for multiple mining pools and sending the money to different Bitcoin addresses (wallets) after checking the transaction history the same user found that the ESEA client had generated significantly more than ESEA and Ipkane originally wanted you to think.

Now we roll the clock forward to today, the day after this fiasco to find yet another explanation of what happened has surfaced. In a news article by admin ‘Torbull’ today he states that it was a member of the team who will remain unnamed, despite forum users pointing the finger at both Ipkane and Jaguar.

Torbull goes on to explain that:

“With the whole fervor around Bitcoin, we did conduct some internal tests with the Client on only two of our own, consenting administrators’ accounts to see how the mining process worked and determine whether it was a feature that we might want to add in the future. We thought this might be an exciting new tool that we could provide to our community. Ultimately, we decided that it was not.

On April 13, 2013, after the initial tests, ESEA informed those involved in the test that we were killing the project and they should stop using the beta test. It came to our attention last night, however, that an employee who was involved in the test has been using the test code for his own personal gain since April 13, 2013. What transpired the past two weeks is a case of an employee acting on his own and without authorization to access our community through our company’s resources. We are extremely disappointed and concerned by the unauthorized actions of this unauthorized individual. As of this morning, ESEA has made sure that all Bitcoin mining has stopped. ESEA is also in the process of taking all necessary steps internally to ensure that nothing like this ever happens again.”

Again some users are happy with the explanations that they’ve received from ESEA staff however more and more users are getting increasingly frustrated with the lack of honesty and use of scapegoats as this company continues to play a game of internal finger pointing.

I look forward to seeing more revelations on this one and I expect to see a few more examples of developers hiding code in their applications to take advantage of unsuspecting users.

Learn more about staying safe online in this handy guide.