Cyberpunk 2077 and Witcher 3 source code reportedly sold by CD Projekt Red hackers

It is not clear who purchased the data, how much they paid for it or even the currency they used

The cyber actors behind this week's ransomware attack on CD Projekt Red (CDPR) appear to have sold the stolen data on a hacking forum.

According to data security source VX-Underground, the hackers ran an auction for the source code of Cyberpunk 2077 and The Witcher 3 on a hacking forum, but shut it down after allegedly accepting an offer from elsewhere.

'The auction was a success and someone has purchased the stolen CD Projekt Red data,' VX-Underground stated on Twitter.

https://twitter.com/vxunderground/status/1359890201686990863?ref\\_src=twsrc%5Etfw

It is not yet clear who purchased the CDPR data or how much it cost them - although the starting bid was $1 million, with an instant purchase price of $7 million.

https://twitter.com/vxunderground/status/1359568916339646466?ref\\_src=twsrc%5Etfw

Cybersecurity firm KELA said that the auction appeared to be legitimate.

'We do believe that this is a real auction by a real seller who accessed the data. The seller offers to use a guarantor and he [sic] allows only those who have a deposit to participate — a tactic that is used by many sellers to show that they are serious and to ensure that no scam will occur,' a spokesperson for KELA told The Verge.

VX-Underground later posted a screenshot from a forum user, confirming that the auction had concluded.

There are many speculations about the buyer. It is possible that CDPR bought the data itself, despite its promises not to negotiate with the cyber criminals.

Another theory goes that the buyer could be the government, a rival firm or independent sources.

CDPR, which is based in Poland, revealed the hack on Twitter this week, when it stated that it had been the target of a ransomware attack.

The firm said that an unidentified actor was able to compromise some of its internal systems and gain access to sensitive data. They encrypted drives on the network and also left a ransom note.

Meanwhile, the attackers released a statement saying they had accessed the source code for Cyberpunk 2077, Gwent, The Witcher 3 and an 'unreleased version of Witcher 3'.

The group threatened to sell or leak the source code, along with internal accounting, HR, and legal documents, if they failed to reach an agreement with CDPR within 48 hours. However, CDPR said it would not concede to ransomware demands or negotiate with the hackers.

Although the hackers encrypted systems on CDPR's network, the developer was able to restore some data from backups. It also said that systems containing players' personal data were not affected.

Although the cyber group behind the attack has not been officially named, a security researcher told Wired he believed they used the HelloKitty ransomware. This strain was previously used to hack CEMIG, a Brazilian power company.