Apparently, there was a humongous flaw within ESPN’s Fantasy Sports leagues that allowed anyone to force anyone else in any league (including leagues you weren’t even in) to drop any player to the waivers, then change the waiver order in their favor to pick up the dropped player before anyone else could, by using an extremely easy process involving URLs. Thankfully, ESPN quickly fixed the issue.
The process was remarkably simple.
Step 1: Find a player you wish to drop, pretend you are going to drop him in order to get to the drop confirmation page. Once there, you don’t actually have to go through with the drop, but rather, familiarize yourself with the confirmation page’s URL.
The green box in the picture above is the code of a player and the red box is the code of the team which the player is on. Make sure to leave this page opened, or at the very least, copy/paste this link somewhere because you’ll need to access it later.
Step 2: Navigate to the players listing page and copy the link that you would normally use to propose a trade for a desired player. (Right-click on the trade icon, select the copy link choice.)
Step 3: Paste the link into the address bar and you’ll see the player and team codes for the player you chose from the players listing.
Step 4: Take the team and player code you copied from the trade link, then add the numbers from the player you want to steal in place of the numbers from Step 1. Depending on your fantasy settings, these codes may appear multiple times throughout one URL, so make sure to replace every occurrence of your own team and player codes with the new team and player codes. This will bring you to the drop confirmation page, at which point, you can drop the other player from the other team. The confirmation page may display the player as “Undisclosed Player,” but it is assuredly the player you targeted.
Note: Most standard fantasy leagues put dropped players onto the waiver wire and protect anyone from picking them up for a few days, creating a mad dash to grab the player once the waiting period is over. Most standard leagues also employ a waiver order which prevents teams lower on the order from grabbing a waiver wire player before a team higher on the order. This waiver order is also able to be manipulated.
Step 5: By using the exact same process of team and player codes coupled with confirmation links, you can easily force other teams to make a waiver wire claim, pushing them down the waiver wire list, repeating the process until your team is at the top, solidifying your waiver claim on the original player forcefully dropped from the other team.
Thankfully, ESPN has quickly fixed the issue, though it seems incredible that such a glaring, easily manipulated process was existent in ESPN’s fantasy leagues, a system which regularly has money staked on each season for a large portion of the fantasy playing populace. An even weirder facet made apparent by the flaw is that ESPN didn’t use behind-the-scenes coding to deal with player transactions, and rather, had the “serious” part of fantasy function through numbers plainly displayed in URLs.
(story from Billy (BK) Rios via Deadspin, pictures via Deadspin)
Published: Sep 24, 2010 01:04 pm