Valorant cheaters have watched their $6,000 investment turned into paperweights overnight as Riot Games updated the Vanguard anti-cheat software to block DMA (Direct Memory Access) cheating devices. Not content with just banning the offenders, there are reports of Vanguard “bricking” the hardware used by cheaters, necessitating a full operating system reinstall. The claims are somewhat misleading since the anti-cheat system only renders certain hardware temporarily unusable. Users have reported that reinstalling the operating system brings everything back to normal; don’t install Valorant or Vanguard on it again, or you’ll face the same result.
Riot Games took things a step further by openly mocking the cheaters on X: “Congrats to the owners of a brand new $6k paperweight.” Some members of the gaming community have applauded Riot Games for dropping the massive ban hammer on cheaters. However, others are questioning the ethical implications of Riot Games’ intrusive anti-cheat software, and even classifying it as borderline “malware.” Kernel-level access is the highest possible privilege on a system, and some users fear potential vulnerabilities and misuse.
DMA cards allow external hardware to read and write directly to a computer’s memory without passing through the middleman, which is the processor. DMA cards are vital tools for professionals such as debuggers, developers, and cybersecurity researchers. Over the years, cheat developers have found another calling for DMA cards: bypassing anti-cheat software. The misuse has led to an ongoing cat-and-mouse game with cheaters and game developers. On this occasion, Riot Games came out on top.
Competitive online multiplayer games, such as Valorant, typically use kernel-level detection to continuously monitor the processor and operating system for unauthorized cheat software. As a result, software-level cheats are flagged instantaneously, which is why cheat developers have turned to DMA cards to separate the cheat software from the computer that’s running the game, in this case, Valorant.
Phillip Koskinas, the Head of Anti-Cheat at Riot Games, recently shared an example (embedded below) of what a typical DMA cheating device setup looks like. It looks fascinating, like a Frankenstein project cobbled together in someone’s garage for a science fair. It shows the lengths some players are willing to go to just to have an upper hand in a free-to-play game.
congrats to the owners of a brand new $6k paperweight https://t.co/3rjZVQntrc pic.twitter.com/fS3JC0FL0pMay 21, 2026
There are many variations of a DMA cheating setup. At its core, the process begins by installing a DMA card into the primary computer that’s running the game. Cheat developers than flash them with custom-modified firmware to disguise the DMA card and trick the operating system into thinking it’s another device, such as a network adapter or USB expansion card.
The setup requires a second computer, which can be a laptop or mini-PC, that acts as the command center for running the actual cheat software. This system connects to the primary gaming system through a standard USB connection. The DMA card provides direct access to the gaming machine’s memory, allowing the second system to read real-time game data without being detected.
To complete the circuit, cheaters have to add a KMBox, a hardware controller that emulates physical keyboard and mouse inputs, to bridge both systems. The commands generated on the second system travel through the KMBox to the primary PC as legitimate movements and actions, paving the way for aimbots and wallhacks.
Please explain the target demographic for this product. How does someone burn $6000 on cheat hardware and still have the self-esteem required to assemble it? pic.twitter.com/RzgEXXOgdDMay 21, 2026
Logically, Riot Games won’t disclose how it neutralized these DMA cheating setups. The prevailing theory is that the latest Vanguard update is now enforcing stricter IOMMU (Input-Output Memory Management Unit) checks. The IOMMU is a component inside a processor that’s responsible for managing and regulating how peripheral devices access system memory. Rumors suggest that Vanguard now blocks DMA firmware that attempts to communicate over SATA or NVMe protocols, two popular firmwares used by cheat developers to masquerade the DMA card as a legitimate storage controller.
Follow Tom’s Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.
Leave a comment