Skip to main content

"Maliciously-crafted" Pokémon can crash Sword and Shield via Surprise Trade

But it's still fairly rare.

Looks like some Pokémon Sword and Shield players using Surprise Trade are getting more than they bargained for, as hacked Pokémon have been crashing games - and even disabling online features.

First made public by Pokémon modder Kurt on Twitter, the bug occurs when a "maliciously-crafted" Pokémon is sent via the game's Surprise Trade feature (basically Pokémon roulette). While receiving one of the malicious Pokémon doesn't corrupt save data, it crashes the game when the player attempts to access online features: effectively disabling online functionality in that particular Sword and Shield save.

According to player accounts, the bug can also occur when a hacked Pokémon is sent during a normal link trade - but this only happens once, and the offending Pokémon can simply be released afterwards.

As of yet, there appears to be no way to solve the surprise trade bug on an unmodded Switch: players either have to restart the save file, or live without online functions until Game Freak patches the bug.

Eurogamer has contacted Nintendo for comment, but has not heard back at time of writing.

It seems there have already been a small number of reported cases in the wild, with some victims sharing videos of the problem. The unpatched bug is now causing something of a panic amongst Pokémon Sword and Shield players, many of whom are refusing to surprise trade until the problem is fixed. But exactly how widespread is the problem, and should players be concerned?

To find out a little more about what's going on, I spoke to one of the Pokémon modders who discovered the problem, known as architdate, who came across the bug when searching for potential exploits. He explained there's a key difference between these hacked Pokémon and the clones often found in Surprise Trade.

"The Pokémon themselves need to be created with intent", architdate told me. "Normal hacking programs (such as PKHeX) can't make them natively. You need to know what you are doing to specifically edit them to cause that behaviour.

"I have seen people on Twitter be paranoid that their legitimately obtained Pokémon or the Pokémon they made in PKHeX caused this! That's not really the case!"

And in terms of how the hacked Pokémon cause crashes, architdate gave the following explanation (and proof of concept video):

"When you surprise trade someone, it shows trade complete at the bottom of the screen; pressing Y then initiates the animation for surprise trade. It will continue to initiate the animation until you have seen it fully (even after restarting the game).

"However since we crash as soon as the animation starts, the game does not register that as having seen the trade animation. So the game crashes and when you reopen the game, you still have the message 'trade complete' and pressing Y causes the crash again."

architdate told me he knows there are people deliberately creating and sending the Pokémon to crash games (and I've seen a screenshot of someone claiming to do so). For those who know how to do it, the process is apparently quite easy - but how many are capable of getting to this point?

"I don't think there are very many people doing it right now, but as friends tell friends, we expect that number to grow quite a lot in the coming future", architdate said. "Also given the severity of this sort of a payload, it is necessary for people to stop surprise trading until a patch is released."

The good news about this bug is it's not totally game-breaking, and doesn't corrupt saves. It's also quite unlikely you'll be affected, but if you're really worried about catching it, you can avoid it by simply not using surprise trade until it's patched. Inconvenient, certainly, but not catastrophic. As for those impacted by the bug, the modders who discovered it have already given Game Freak a heads-up - so hopefully it will all be fixed soon.

Read this next