Security Testing

Path of Exile 2

Client: Grinding Gear Games (supported by Tencent)

Cyrex partnered with Grinding Gear Games to deliver specialized penetration testing for Path of Exile 2, securing gameplay services, validating client-side integrity, and protecting the in-game economy from exploit paths ahead of launch.

The Challenge

Protecting a Complex ARPG Economy from Exploits

Path of Exile is defined by depth — intricate skill systems, layered mechanics, rare loot, and a player-driven economy that rewards mastery. With Path of Exile 2, Grinding Gear Games wasn’t just shipping a sequel. They were building a new foundation for a universe players invest thousands of hours into.

In a hardcore online Action RPG, security directly impacts game integrity.

An exploit affecting loot generation, skill validation, or server trust assumptions can destabilize the in-game economy and undermine player progression. For a title with a global, competitive player base, even minor vulnerabilities can scale quickly.

Grinding Gear Games needed a partner capable of going beyond surface-level checks and diving deep into:

  • Core gameplay services
  • Client-to-server communication logic
  • Client-side binary integrity
  • The validation layer protecting progression and itemization systems

The objective was clear: identify and eliminate exploit paths before they reached the live environment.

The Cyrex Solution

Focused Gameplay Penetration Testing

Cyrex partnered with Grinding Gear Games and Tencent to conduct a highly specialized penetration test centered on gameplay services.

This was not generic API testing. The engagement focused on systems that directly influence player fairness and economic stability.

Targeted Gameplay Service Validation

Our senior security engineers examined hundreds of client-to-server Remote Procedure Calls (RPCs) tied to core gameplay functionality.

Using an attacker’s mindset, we:

  • Tampered with gameplay-related RPCs
  • Validated server-side authority and input handling
  • Tested progression and item-related interactions
  • Assessed whether gameplay actions were properly validated server-side

Every interaction — from skill usage to item pickup — was evaluated to ensure it could not be manipulated through crafted requests or altered traffic.

Dedicated R&D for Network Integration

Path of Exile 2’s networking services required precise integration for meaningful testing.

Cyrex conducted dedicated research and development to ensure our tools and methodologies aligned with the game’s unique architecture. This allowed us to:

  • Integrate seamlessly with live gameplay flows
  • Avoid superficial scanning approaches
  • Perform precision testing against real gameplay logic

The result was a controlled but realistic attack simulation aligned with the title’s actual network behavior.

Client-Side Security Assessment

Beyond server validation, Cyrex conducted a deep analysis of client-side implementations.

This included reviewing the game binary to identify potential manipulation vectors, such as:

  • Client-side trust assumptions
  • Opportunities for bypassing validation checks
  • Potential cheat-enabling weaknesses

For online ARPGs, client hardening is critical. If attackers can manipulate the binary or intercept trust boundaries, economic and gameplay integrity quickly erodes. Our assessment focused on closing those gaps before launch.

The Outcome

Secured Gameplay Integrity for a Global Launch

  • Identification and remediation of gameplay-related vulnerabilities
  • Strengthened server-side validation across core systems
  • Hardened client-side implementations against manipulation
  • Protection of in-game economic integrity