Zwift bans whistleblower for publishing details of powerful weight-doping cheat

When one Zwift user published a simple, effective, and undetectable Zwift weight-doping cheat, he found himself on the receiving end of the punishment.

Don’t miss out on the latest CyclingTips updates.

Jump To Comments

Zwift has found itself embroiled in a weight-doping scandal and ensuing backlash after banning the whistleblower who started it, all on the eve of the UCI Esports World Championships. ZwiftInsider reports that one of its contributors, Luciano Pollastri, uncovered a weight-doping hack that is simplistic and effective, making a rider effectively unbeatable in Zwift’s virtual world.

Zwift calculates speed based on a combination of power output, rider weight, and rider size. As a result, changing weight within Zwift can have a dramatic effect on the speed of a rider’s virtual avatar, particularly when climbing. Outlawed in Zwift’s rules and regulations, weight-doping is the act of entering an inaccurate and reduced body weight on Zwift. Naturally, this can greatly improve a rider’s climbing ability and so Zwift takes measures to ensure rider weight accuracy for online racing.

The hack makes inaccurate weight cheating ludicrously simple and all but impossible to detect in normal Zwift racing. Increased scrutiny in major events makes the hack detectable. We have decided against publishing the exact details of the hack, or how to implement it, but it allows for a temporary drop in weight whenever a rider desires. In Zwift parlance: imagine a featherweight PowerUp immeasurably more powerful and available at any time. If used to its full extent, the hack could turn any Zwift race into a circus.

The hack appears to evade Zwift’s current checks on rider weight, exploiting a loophole in the software. The potentially powerful effect of the hack is repulsive, but it’s the ease of use that is most ghastly. Not since early Tour de France when riders hoped on trains could cheating have been so powerful yet simple, but even that had a much higher chance of being caught.

According to ZwiftInsider, Zwift and ZADA (Zwift Accuracy and Data Analysis Group) have known of the cheat since at least January of 2021 but have not yet provided a patch to prevent it.

When contacted by CyclingTips, Zwift stated that the fix “is currently being worked on by the product team. Until now, the issue was relatively unknown.”

Luciano Pollastri had a plan to test, document, and report the cheating to Zwift HQ. During his investigation, Pollastri reported the hack to a private Discord group. Pollastri claims the response from the group indicated to him that not only was the hack well known within the Zwift community but ZADA and Zwift were both informed of its existence “years ago”. 

The full details of what ensued are available in a post on ZwiftInsider.com. The shorter version of events is Pollastri made the hack public on a new, dedicated WordPress site and, subsequently, a Reddit post (again, we are intentionally not publishing links to anywhere the cheat is detailed). Pollastri’s actions led Zwift to temporarily “shadowban” him from the platform for 30 days. A shadowban allows a user to keep using the platform and see other users during the ban, but the banned user is invisible to other users and does not appear in race results.

“The ban itself does not prevent him from using the platform – he can still Zwift, join events and race,” said Chris Snook, Director of PR at Zwift. “The ban, however, does prevent him from showing to other users in Zwift events and races, and he does not show in race results – essentially, he can participate but not interact or influence the experience of others for that 30 days”. 

Pollastri has defended himself, noting that many users already knew of the hack and Zwift had done little to prevent it appears to have done little to help his case. Zwift took the opinion that further publicising the hack had breached its Terms of Service, specifically section 5vii. Snook elaborated on the reasoning for the ban, explaining, “the punishment is not for testing the cheat, it’s for proactively spreading how to cheat.”

Facebook posts, Reddit threads, Zwift Forum threads were all alight with discussion on the cheat. Some, including the Zwift Forum thread, have since been deleted. As to why the posts were deleted, Zwift stated, “[The Zwift Forum thread]…contained information on how to use the exploit. It is not permitted to share such information on the Zwift forums, so this is why that post was removed.” 

A new post that avoids detailing the exact cheating method has since sprung up.

Pollastri claims he investigated the hack and published it with good intentions. He claims he wanted to make the racing community aware of the hack to help stub it out. Pollastri is, or at least was, an avid Zwift fan and an advocate for the platform. However, his decision to publish a hack, knowing its effectiveness, ease of use, and potential impact on the racing community, was always likely to see pushback. He undoubtedly exposed the cheat to many users who might never have heard of it. I hadn’t. 

As for its detectability, Snook explained Zwift’s product team is working on a fix, with that fix expected soon. Contenders for tomorrow’s Esports World Championships needn’t consider using the cheat because, Snook said, “this is something that can be detected and will not be a factor.”

Update: Zwift CEO, Eric Min, has since addressed the weight-doping hack and Pollastri’s ban in a statement on Zwift Forum.

Editors' Picks