An infamous group of hackers known as “nerds INC” or more often called -tyranny has been using an exploit for the past three years in hiding, and this has only been recently disclosed to the public.
This has been recorded as one of the worst exploits. It is able to track real-life coordinates of over 3000 players across the whole map and all three of its dimensions,
15000 bases were found using this exploit and were used to griefed countless builds and destroy millions of precious items as well as steal about 2 million items from the stashes.
This group was said to leave the server a few years ago but has been working behind the scenes in hiding ever since.
This exploit goes on to show how flawed the game mechanics Minecraft has.
Since the server began in 2010, players have tried using exploits in order to be more powerful
This all started in 2016 a group of players known as Nerds Inc tried to take over the server by using hacks and clients and had successfully achieved it so far that they had access to admin powers, but this was unfortunately short-lived as the admin “house master” came to find out about this.
After this many people in the group became inactive. In 2018 they made a comeback when two players by the names of – Ox22 and BubbaJ.
These two players were interested in exploits and had also crashed the server once by loading a massive amount of chunks at the same time.
They did this through an exploit that would break blocks hundreds of chunks away which made the server loads those chunks that players hadn’t even visited yet. This caused an immense amount of lag and crashed the server eventually.
Instead of overusing this exploit, they started thinking of a way this could be used to their advantage and make a coordinates tracker.
They did this by using the crashing exploit to send an out of memory messages to Housemaster, causing him to try and fix the bug and report the issue to paperMC, which is a client used to patch up vanilla Minecraft bugs and to fix this bug they would have to load the chunks with only players in them in order to unload ones without players in them, this is how they got their coordinates.
The two now shared their plan with a close friend named Fr1kin who was also a member of Nerds INC who confirmed that this plan could work.
In July of 2018, they started implicating this plan and crashed the server as fast and hard as they could. This caused the server to crash multiple times and notified House Master that players were trying to break blocks out of their render distance.
He reported the issue to paper on July 12th, and on the same day, the bug fixes the group needed was implemented.
When trying to break a block out of render distance the chunk would only respond if a player was in the chunk. This was the most primitive stage of their exploit.
They kept an AFK account that would break the chunks in a spiral motion, and if the chunks responded they would get the pingback of the player coordinates in the chunk privately in chat and also mark them down on a chart for them.
Bubbaj started to use this to find and destroy thousands of item stashes that cause an uproar and panic in society.
In order to keep the exploit on a down low, Fr1kin decided on the name NOCOM which was short for – no comment.
This was used because in case the exploit leaked this wouldn’t raise any red flags in the chat.
After this, the other trusted members of the Nerds Inc were notified and taught about this.
Throughout the next few months, this primitive way of using the exploit was found to be too much of a workload and was very resource-intensive. There was no way to know which specific players were in which chunk and it could not differentiate between the small bases and the hidden main bases, they needed some better way of doing this.
This is when a player by the name of Leijurv came in, he was a talented programmer and the lead developer of Baritone, a program that automated actions in Minecraft. The Nerds INC requested this help, he gladly accepted and started working on it.
Over the next few months, he made a lot of changes, first, he made searches more efficient with a program that was taught to follow players once it had identified them, which was done by running check up and down the major Highways and then followed them to wherever they were going.
The program was also taught to identify and search for unnatural blocks such as – shulker boxes, beacons, and more.
The program then managed to recreate the base in another Minecraft world with all the information it was getting from 2b2t and was saved as a world. This basically has the Nerds INC a kind of spectator mode to see all around the base.
With this Leijurv combined them with the Nerds original exploit. The NOCOM exploits became the most powerful exploit in the whole of 2b2t’s history.
It could track all the players in real-time with a one-second interval, locate base locations and coordinates, and player out log spots. Heat activity could even tell them where the most player activity was happening at all times.
This exploit was so powerful that it could also be used on other servers as well, so they had to hide it. The group had to feed the community false information to not raise any red flags. Every time anyone in the community would suspect them, they would have to hunt and shut it down with false information or “secret information” that no one knew about till then.
In 2019 the Nerds INC started using this exploit more in order to hunt down and grief bases on the server such as – Space vault 3 and the Ice dragon at Niflheim and many more.
Most of the time they would just leak the coordinates and let a huge group of griefers destroy it and so on, they started meeting the community by leaking the coordinates.
But in the second half of 2017, a player named BIBLEBOT, one of the AFK accounts that were being used was locked by Minecraft due to “authentication and suspicious activity”. Housemaster also lowered the package amount of the server by a lot, this made the exploit unusable by having only a single account logged in. Hence multiple accounts had to be used to be able to maintain the rate. Leijurv also had to reprogram his machine to overcome these walls. And after a few months, the exploit was up and running better again, but they had to sparce the use of it to not get up any suspicions.
Ox22, bubbaj and leijurv were also part of a huge group called the SPAWNMASONS, who are well known for their big projects. These three started taking chunks of data and giving it to them.
A player named Dectonic of the group would take the coordinates and scout them for usable building blocks and dispose of the rest.
In 2020 the group would then go on to steal from and destroy the rest they didn’t need from these scouted bases.
As the group started gaining more power, and the housemaster was still unaware of the exploit, a player named 0neb started to realize that there were a few accounts on the server at all times and were not being kicked out for being AFKed, this raised a red flag.
He started researching why these afk accounts were there and came to the conclusion that they were being used for an exploit. He started telling the rest of the community but was ignored or hidden, he also messaged Nerds Inc a few times but was ignored until he mentioned the AFK accounts.
But in 2021 another group came across the original paper on vulnerability.
These were Steve3, Mahan, and Redstoner, players of a group called the Infinity Incursion who were also able to use this exploit but in a much earlier stage than what Nerds Inc had first done.
In June and July, this exploit started to go public and through the two months bases and stashes began to be found and destroyed. 15000 bases were destroyed no matter who was online or not.
But finally on July 15th after three years, the housemaster implemented a range limit that destroyed this exploit, accounts couldn’t be tracked anymore and the server didn’t give information about far away chunks.
But the damage had been done, countless bases and players destroyed and ripped apart and almost 2 terabytes of information collected.