The auction of stolen CD Projekt Red source has been completed according to a Twitter post from darknet intelligence firm Kela.
A tweet from yesterday (February 11) claims that the auction for the RedEngine has been closed, saying “An offer was received outside the forum that satisfied us. With the conditions of further non-distribution, in this regard, they were forced to withdraw the lot from sale.”
Just in: #CDProjektRed AUCTION IS CLOSED. #Hackers auctioned off stolen source code for the #RedEngine and #CDPR game releases, and have just announced that a satisfying offer from outside the forum was received, with the condition of no further distribution or selling. pic.twitter.com/4Z2zoZlkV6
— KELA (@Intel_by_KELA) February 11, 2021
Malware threat collectors vx-underground also posted details on their Twitter account, confirming the initial bid was set at £725,000 ($1million), with a sell immediately price at £5million ($7million).
Update: a mistake was made. They stated starting bid $1kk. This was assumed as a typo for $1,000. They meant $1,000,000. They are also selling immediately for $7,000,000.
— vx-underground (@vxunderground) February 10, 2021
The sale of this content comes after CD Projekt Red revealed that they had been the victim of a targeted cyber attack which had compromised their internal systems.
The unidenfified actor had gained access to the developer’s internal network. According to vx-underground, the files for sale in the auction included source code for Cyberpunk 2077, Thronebreaker, and The Witcher 3, including an unreleased version of the latter with ray-tracing enabled.
CDPR’s response to the hacker’s statement was that they “would not give in to the demands or negotiate”, but were “aware this may eventually lead to compromised data”.
Recently, Cyberpunk 2077 players have been asked by CDPR to stop using mods, due to a serious security risk in which a vulnerability in external DLL files the game uses can be used to execute code on PCs.