I was wondering about this as well. What exact mechanism did they use to detect the read? Something like mprotect would only trigger for the game process, not another process that snooped the game's memory remotely. I wonder if the cheat tool was really dumb enough to run in the same process as the game itself? That would be pretty amusing.
Or a use after free bug from an unlucky player. With millions (billions?) of account-hours over the honeypot period surely at least a few bans are outrageous coincidences
I imagine they'd probably agree with that assessment; they didn't say they were 100% positive that every single ban was deserved, just that this gave them a very high degree of confidence. I think this method is probably more accurate than most other anti cheat methods for online games out there, and it definitely is less invasive than most of the ones I've heard of. I have trouble thinking that this is a worse way of doing things than not addressing cheating at all or relying on much more invasive methods.
I wonder how many non-cheating users of some obscure AV solution that scans memory they banned.