Cyberpunk hackers ‘sell off’ CD Projekt Red’s stolen source code after ransomware attack

Hackers have reportedly sold off the source code of CD Projekt’s ‘The Witcher 3’ and ‘Cyberpunk 2077’ titles, after attempting to hold the Polish video game developer and publisher to ransom.

Fresh from a public outcry over the shambolic release of ‘Cyberpunk 2077’ before Christmas, CD Projekt Red (CDPR) was in the news again this week after it fell victim to an alleged cyberattack. Hackers claimed to have stolen the source code to the company’s ‘Red Engine’, which powers both ‘Cyberpunk 2077’ and ‘The Witcher 3’, a smash hit for the Polish studio. The hackers also claimed to have taken an unreleased version of ‘The Witcher 3’, and “documents relating to accounting, administration, legal, HR, investor relations and more.”

CDPR refused to pay up, and the hackers were all set to go ahead with an auction, until cybersecurity firm Kela released screenshots of a post on the hacking forum Exploit, in which a user claiming to represent the hackers stated that they had received an offer, sold the files, and halted the auction.

As the mystery buyer reportedly paid up on condition that the files would not be resold, some commenters suspected that CDPR itself had got in touch with the alleged cybercriminals and bought back their own data. There was no public comment from the company at the time of writing.

The identity of the hackers is unknown, though one cybersecurity researcher told Wired that the hack likely involved the use of the HelloKitty ransomware, which was previously used to hack CEMIG, a Brazilian power company.

Think your friends would be interested? Share this story!