Hackers have reportedly sold the game source code and other information stolen from Cyberpunk 2077 and The Witcher 3 studio CD Projekt Red (CDPR). Cybersecurity firm Kela released screenshots of a post on the hacking forum Exploit allegedly posted by the attackers, saying that they’ve received an offer for the data from outside the forum. They added that they ended the auction at the request of the buyer. Cybersecurity Twitter account vx-underground subsequently confirmed that the auction had closed.
On Tuesday, CDPR disclosed it had been the victim of a ransomware attack in which hackers had collected “certain data” from the company. It posted a ransom note from the hackers, in which they claimed to have access to source code from the studio’s most popular games, as well as internal legal, HR, and financial documents. CDPR said it would not give in to the demands or negotiate with the hackers, even if that meant the stolen data would begin circulating online.
Just in: #CDProjektRed AUCTION IS CLOSED. #Hackers auctioned off stolen source code for the #RedEngine and #CDPR game releases, and have just announced that a satisfying offer from outside the forum was received, with the condition of no further distribution or selling. pic.twitter.com/4Z2zoZlkV6
— KELA (@Intel_by_KELA) February 11, 2021
Update: we have confirmed the auction has closed. Someone has indeed purchased the material.
Image courtesy of @DrFurfagMD pic.twitter.com/TnQVqTiM5w
— vx-underground (@vxunderground) February 11, 2021
It is not known who purchased the data or how much it was sold for. However, the auction was thought to have included source code for Thronebreaker: The Witcher Tales spinoff, The Witcher 3, a ray-traced version of The Witcher 3, Cyberpunk 2077, and copies of the company’s internal documents. That’s according to screenshots posted by vx-underground. The auction followed a leak of the source code for CD Projekt Red’s virtual card game Gwent, which was verified by Vice.
Kela previously reported that the starting price for the auction was $1 million, with a buy-it-now price of $7 million. These terms were subsequently verified by vx-underground, too.
Although the hackers have not been officially named, one security researcher told Wired he believed it involved the use of the HelloKitty ransomware, which had also been used to hack a Brazilian power company called CEMIG.
A spokesperson from CD Projekt Red did not immediately return The Verge’s request for comment. However, earlier this week the company told Vice it is still “actively investigating” the incident.