CD Projekt Red Hackers Allegedly Ready To Auction Stolen Data

CD Projekt Red Hackers Allegedly Ready To Auction Stolen Data
The reception area at CD Projekt's office in Warsaw, Poland. (Photo: CD Projekt)

Earlier this week, Cyberpunk 2077 developer CD Projekt Red announced that its cybersecurity had been compromised, resulting in attackers gaining access to various internal files. Now, it appears as if those hackers are ready to cash out with a big-money auction of the data, which allegedly includes source code for some of the Polish studio’s biggest games.

According to malware data aggregator vx underground (h/t Tom’s Hardware, Eurogamer), the CD Projekt Red hackers have apparently surfaced on Exploit, a Russian hacking forum. Screenshots show a user named redengine claiming to have source code for Cyberpunk 2077, The Witcher 3: Wild Hunt (both the original game and an upcoming raytracing-enabled version) and Thronebreaker: The Witcher Tales.

The dump is also said to include a variety of internal documents and what the seller vaguely refers to as CD Projekt Red “offences,” though the studio assured former employees yesterday that no personal information was accessed.

The auction starts in roughly 14 hours with a starting bid of $US1 ($1) million, though there’s some doubt in hacking circles it will get anywhere close to that amount. The Exploit forum post also says that the data is available for a flat payment of $US7 ($9) million before things get under way.

Similar to what we saw with last year’s Capcom hack, bits and pieces of the stolen CD Projekt Red files have allegedly started to make the rounds online. A now-deleted 4chan post included what appeared to be a download link for the Gwent source code; Kotaku has not been able to verify its authenticity.

CD Projekt Red previously stated that it will not be playing ball with the hackers.

“We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” the studio said in an official statement on Monday. “We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.”


  • I don’t see this ending well for the hackers. Whatever information they give will help cybersecurity experts track them down. They will be caught eventually.

    • It’s going to depend a bit on where the hackers are located. I can see the Russians doing something, particularly given that CD Projekt is a Polish company, although their attitude to such things has been inconsistent. China may or may not care, but certainly is unlikely to be extraditing anyone anywhere for a trial. But if North Korea is involved, and they have a history of such hacks (see Sony Pictures), there is buckley’s chance of anyone ever being caught.

      • Mate, English words have meaning. You need to put them in order while following the rules of grammar so that they make sense. What you’ve written does not make sense. Please English harder.

Show more comments

Log in to comment on this story!