After CD Projekt Red refused to pay a hacker's ransom, the source code for Cyberpunk 2077 is already up for auction online.
It looks like CD Projekt Red can't catch a break, with the recent hacking scandal being the start of something much bigger. A security breach saw hackers hold the acclaimed developer to ransom, but with the developer refusing to pay up, the source code for Cyberpunk 2077 and The Witcher 3: Wild Hunt have apparently found their way online for purchase to the highest bidder.
After nearly a decade of waiting, Cyberpunk 2077 finally launched in December 2020 to what was supposed to be one of the best games of the decade. Unfortunately, the numerous delays that led to the eventual release were just the tip of the iceberg. Alongside complaints, the game should never have been released on PlayStation 4 and Xbox One due to graphical underperformance, glitches have been running rife, and CD Projekt Red even warned against potential security problems with mods. Ironically, it was the developer that ended up being hacked, with those involved holding the company over a barrel.
How did the Cyberpunk 2077 source code end up online?
CD Projekt Red announced the breach and explained how it was being ransomed by a cyber attack. Although the developer called the hacker(s) bluff, Twitter account @vxunderground confirmed the source code is currently up for auction online. The leak apparently includes source codes for several CDPR titles, including the virtual card game Gwent. The most valuable are obviously Cyberpunk 2077 and The Witcher 3: Wild Hunt, which are reportedly being sold off with a starting price of $1 million. If you have a spare $7 million, you can buy the code for The Witcher 3's next-gen upgrade immediately.
Speaking to The Verge, cybersecurity firm KELA said it believes the auctions are the real deal. A spokesperson explained, "We do believe that this is a real auction by a real seller who accessed the data. The seller offers to use a guarantor and he allows only those who have a deposit to participate — a tactic that is used by many sellers to show that they are serious and to ensure that no scam will occur".
KELA intelligence analyst, Victoria Kivilevich, downloaded information sent by someone claiming they're involved with the auctions. Kivilevich sent screenshots to The Verge and confirmed she thinks it's a legitimate threat. The screenshots included snaps of stolen source code from the Red Engine - CDPR's in-house engine.
What happens with the Cyberpunk 2077 source code auction?
As a final warning, Kivilevich says you can only enter if you deposit 0.1 bitcoin, meaning this extra step of verification implies the process is real. If everything is to be believed, the action is already closed. KELA says a satisfying bid was met, suggesting someone stumped up the full $7 million to get its hands on the source code. Could it have been CDPR? Continuing to call the hackers' bluff is a dangerous game of chess. The latest update from CDPR saw the developer assure ex-employees their data is safe but advised them to make the necessary precautions of enabling fraud alerts.
It's unclear what someone would want with the source code, and what damage they could do, but CD Projekt Red is trapped between a rock and a hard place. Despite downplaying the severity of the auction, CDPR is at the centre of a media storm once again. What happened to the days when it was a simple case of releasing a game, giving the odd update, and watching players enjoy it? For whatever reason, CD Projekt Red is facing a serious run of bad luck. One thing's for sure, this is one drama that is likely to get worse before it gets better.
Images via CD Projekt Red