Earlier this week CD Projekt RED’s problems escalated beyond the mere backlash from fans and media outlets as the developer suffered a catastrophic breach within their server’s cybersecurity. The developers were hacked by a group that has come to reveal themselves on Reddit with the user name “redengine”.
The group managed to steal many high-profile files including source code for the developer’s most popular projects, including the recently released Cyberpunk 2077, The Witcher 3, Gwent, and the upcoming ray-tracing enabled version of The Witcher 3.
The dump is also said to include a variety of internal documents and what the seller vaguely refers to as CD Projekt RED’s “offenses,” though the studio assured former employees yesterday that no personal information was accessed.
During the breach, the hacker group left a ransom demand and a 48-hour deadline to cooperate with their demands, well the deadline has passed and the group has attempted to follow through with the threat of leaking the files.
The group claiming to be behind the hack has now posted the source code of CD Projekt RED’s GWENT card game on a hacking forum and claim to be auctioning off the source code for Witcher 3 and Cyberpunk 2077 on the Exploit Forum with a starting bid of $1 million, or the option to buy it upfront for $7 million.
Vx-underground, well known in the security circuit, was first to spot the posting on the Exploit Forum and posted on their Twitter account, the starting was set at $1 million but with an option to buy it now for $7 million, some sample of the stolen code was posted alongside the initial post, the leaked Gwent files also appear to have made their way to a handful of other forums, including 4Chan, with the main download hosted on Mega.
Update: a mistake was made. They stated starting bid $1kk. This was assumed as a typo for $1,000. They meant $1,000,000. They are also selling immediately for $7,000,000.
— vx-underground (@vxunderground) February 10, 2021
All the posts have since disappeared and deactivated, this throws fuel on the conspiracy that the hack was indeed fake, shifting focus away from problems with Cyberpunk 2077, nothing more than a play for more time to develop updates for Cyberpunk.
The forums involved are actively working to ensure that the went files which appear to be the first step of the groups’ attack don’t end up in too many public hands.
Releasing the stolen data in parts is a tactic used by many hacker groups to intimidate the victim to cooperate with demands, so far CD Projekt RED has kept their word and still refuse to give in to the demands.
So far no media outlet or evidence has been presented to validate the authenticity of the hack, only the word of CD Projekt RED, something given recent events doesn’t carry a lot of weight, and recent forum posts.
The consequences if the hack was indeed fake would spell the end of CD Project RED, utilizing a story of this nature for a few extra weeks of time to finish patches seems far-fetched to say the least.
Though, the listing might’ve disappeared due to an offer being accepted. According to IGN, at least.
“Dark-web monitoring organization KELA (which previously provided The Verge with what it believes to be legitimate file lists from CD Projekt’s RED Engine) reports that an auction set up to sell the files has now been closed after a “satisfying offer” was made from outside of the forum it was being held on. That offer reportedly stipulates that the code will not be distributed or sold further. Cybersecurity account vx-underground also reported that it had heard the sale was completed.”
Rumors suggest that the auction was a success and someone has purchased the stolen CD Projekt Red data.
We do not know the amount in which the materials were purchased for.
We cannot provide screenshots of the auction at this time.
— vx-underground (@vxunderground) February 11, 2021
Follow FOV Magazine on Twitter for more updates on the gaming medium as a whole!