CD Projekt Red just can not seem to get a break this year. Following its Cyberpunk 2077 release fiasco, the studio has had a string of bad luck. While currently engaged in a legal battle with its own investors over the Cyberpunk 2077 launch hackers decided to kick them while they were down and break into their network. An unknown group of hackers claims to have retrieved the source code for Cyberpunk 2077, Witcher 3, Gwent, and an unreleased version of Witcher 3. They also claim to have possession of important documents related to accounting, administration, legal, HR, and investor relations. CD Projekt Red revealed the ransom note to the public on Tuesday along with a statement saying they would not give in or negotiate with the hackers no matter the result.
Important Update pic.twitter.com/PCEuhAJosR
— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021
How much worse can it get for CD Projekt Red? Multiple sources show in the tweets below have confirmed the hackers have sold the source code in an auction that was to be ended at the request of the buyer. CD Projekt Red stood its ground but at what cost?
Just in: #CDProjektRed AUCTION IS CLOSED. #Hackers auctioned off stolen source code for the #RedEngine and #CDPR game releases, and have just announced that a satisfying offer from outside the forum was received, with the condition of no further distribution or selling. pic.twitter.com/4Z2zoZlkV6
— KELA (@Intel_by_KELA) February 11, 2021
Rumors suggest that the auction was a success and someone has purchased the stolen CD Projekt Red data.
We do not know the amount in which the materials were purchased for.
We cannot provide screenshots of the auction at this time.
— vx-underground (@vxunderground) February 11, 2021
While it was said that the data was purchased from outside the forum where the auction was held it is still unknown who purchased it. Screenshots of the data were leaked online to validate the acquisition of the stolen data by vx-underground.
CD Projekt Red’s ransomed data has been leaked online. pic.twitter.com/T4Zzqfn78F
— vx-underground (@vxunderground) February 10, 2021
KELA a leading cybersecurity firm specializing in dark web analysis reported that the starting price for the auction was $1 million, with a buy-out price of $7 million. Everything is currently under investigation but a source did tell Wired he thought it was possible ransomware called HelloKitty was used in the attack. When will CD Projekt Red be able to get back to just making great games?