Over the weekend, a massive exploit was discovered in Dark Souls 3. The issue in question is a Remote Code Execution (RCE) exploit that can allow hackers to run any code they like on someone else’s PC. An RCE exploit allows hackers to do whatever they like with a PC including stealing private info, installing crypto miners, and bricking the computer. Essentially, a hacker using an RCE can do pretty much whatever they want with a PC. In response to the exploit being spread online, Bandai Namco and From Software have elected to take all of its Dark Souls games offline on PC. Check out the tweet announcing that the games have been taken offline below.
It isn’t clear why it has taken so long for the RCE exploit in Dark Souls 3 to come to light. The hack was seen in action during a Twitch stream by The__Grim__Sleeper. Although the exploit was used in the stream, it was only used to crash the game and use the narrator to begin reading some text. It’s believed that the person who executed the hack on The__Grim__Sleeper did so in order to bring attention to the exploit. It’s reported that they had tried to bring the Dark Souls RCE exploit to the attention of the developer, From Software. However, they hadn’t received a response from the developer and felt they weren’t taking the exploit seriously enough.
The decision to take all of the Dark Souls games offline on PC shows how serious the issue is and how seriously From Software is now taking the exploit. The same exploit has also been found in the code for the data mined version of Elden Ring, meaning the upcoming game could have the issue too. It’s unclear when the Dark Souls games will come back online or whether From Software will be able to remove the exploit from Elden Ring before it is released.