The hackers who targeted video game developer CD Projekt Red (CDPR) with a ransomware attack are now auctioning off the stolen source code they acquired for a payday of potentially millions of dollars.
The breach, which CDPR first disclosed yesterday after learning of it on Monday of this week, involved critical game code related to high-profile releases like The Witcher 3 and Cyberpunk 2077. CDPR said at the time that it had no intention of meeting the hackers’ demands, even if that meant stolen material from the hack began circulating online.
But a cybersecurity firm called KELA, which specializes in providing threat intelligence to companies based on analyses of dark web websites and communities, says it has reason to believe the auctions are, in fact, legitimate.
“We do believe that this is a real auction by a real seller who accessed the data. The seller offers to use a guarantor and he allows only those who have a deposit to participate — a tactic that is used by many sellers to show that they are serious and to ensure that no scam will occur,” a spokesperson for KELA tells The Verge.
KELA says the auction is offering source code files for both the Red Engine and CDPR game releases, including The Witcher 3: Wild Hunt, Thronebreaker: The Witcher Tales spinoff, and the recently released Cyberpunk 2077. The stolen material is also believed to include internal documents, though it’s not clear what types of documents or additional material the full cache includes.
KELA says the starting price of the auction is $1 million, with higher bids in increments of $500,000 and a buy-it-now price of $7 million. Only users who deposit 0.1 bitcoin can participate, which is why Kivilevich believes the hackers are serious about hosting the auction and that the material for sale is likely legitimate because it ensures nobody participating in the auction is trying to scam the sellers
Projekt Red just can’t catch a break.