Friday, February 12th 2021

CD Projekt Red Hack: Red Engine, Multiple Games' Source Code Sold by Hackers

As if CD Projekt Red needed any more problems on their plate that weren't of their own creation, it seems that the hackers who recently infiltrated the company's infrastructure have turned out a profit on sensitive data. After source code for CD Projekt Red's Red Engine, Cyberpunk 2077, The Witcher 3, and Gwent were stolen from the company's servers, the company announced they had gone to the relevant authorities, and that they wouldn't negotiate with the data terrorists. Now, according to Cybersecurity company Kela, the hackers have de-listed their auction for the data - after requiring a starting bid of $1 million, and expecting $7 million for the entire package.

The deal apparently went through, with a condition that bars the hackers from re-selling the data to any other parties. It remains to be seen whether or not the thieves will abide by their word and the conditions reportedly set upon the sale. Of course, it is in the realm of possibility that CD Projekt Red themselves acquired the data anonymously so as to protect their corporate and technology interests - one can only imagine the repercussions of the company's efforts being exposed this way. And despite any ill sentiment that can be levied at the company for the state of Cyberpunk 2077's last-gen versions, I'd say that respect for the company's developers and team should have us all on their side on this one.
Sources: Kela @ Twitter, via TechSpot
Add your own comment

64 Comments on CD Projekt Red Hack: Red Engine, Multiple Games' Source Code Sold by Hackers

#1
ZoneDymo
"And despite any ill sentiment that can be levied at the company for the state of Cyberpunk 2077's last-gen versions, I'd say that respect for the company's developers and team should have us all on their side on this one."

yeaaahhhhhh no, I dont even care about the last-gen versions, that is so beyond unacceptable its pathetic, all anyone had to do was start the game up 1 afternoon to figure out it was not ready for release but apperently that was too much work, better cash in on those pre-orders and dont release a new trailer that actually represented to lack of content it has, not even a shadow of the promisses.

Imagine though this being some eleborate scheme to create some sympathy by them being the victims and then have modders go ham on teh source code to fix the game for them, ez money for no effort.
Posted on Reply
#2
moob
Was it though?

We know that there was an auction but there's no evidence anyone actually bought it. Could just be these hackers trying to save face.
Posted on Reply
#3
FreedomEclipse
~Technological Technocrat~
moob
Was it though?

We know that there was an auction but there's no evidence anyone actually bought it. Could just be these hackers trying to save face.
Im sure there are 'Agents' who work on the behalf of big publishers and developers who would of had them bid for the source code. Whats a few million to companies like Activision or EA? Its not even a bonus for one of their executives.

Unless the forensic team can track down the hackers and who bought the source code. We'll see more witcher like and mini games like gwent in some 4-6 years time from now after whoever has it has had time to deep dive into it and mine it for information.

Though Ive been told that the sale was made on the basis that the data wouldnt be traded or sold to anyone else be it an individual or corporation so it has to be kept private. The buyer could also make copies and sell it on again.

espionage happens. Just recently Intel opened a lawsuit against a former employee who used to work in their marketing department had access to a lot of sensitive information and data and sold it or attempted to sell it to microsoft or some other company.


I know its very cloak and dagger stuff but a lot happens and of course competitors want advantages over each other and the source code to one of the best games ever made will probably help them even if they dont copy and paste elements from it into their own game.
Posted on Reply
#4
mouacyk
FreedomEclipse
Though Ive been told that the sale was made on the basis that the data wouldnt be traded or sold to anyone else be it an individual or corporation so it has to be kept private. The buyer could also make copies and sell it on again.
I find that promise to be quite laughable. Honor among thieves? Right, lol.
Posted on Reply
#5
BSim500
mouacyk
I find that promise to be quite laughable. Honor among thieves? Right, lol.
Exactly. Given the data was illegally obtained and that the seller was almost certainly paid anonymously, what's the seller going to do to "enforce" it, go public, sue the buyer and promptly get arrested for the hack in the first place?... For the same reason, the conspiracy rumours that the buyer was secretly CDPR trying to keep it from leaking out don't make much sense as there's nothing to stop the seller (who probably has multiple backups) from selling it multiple times (as hackers of credit card databases have done in the past) after pocketing any payment from CDPR. Not paying up is the only sane move CDPR can make, and I'm more inclined to believe the conspiracy that the hacker faked a "sale" to save face as some are saying (well, unless the buyer was from a certain Asian country with notoriously poor IP protection looking to create an internal market for the Cyberpunk equivalent of this. If we see SinoPunk 2077 pop up over the next few weeks, we'll know for sure... :D
Posted on Reply
#6
PooPipeBoy
mouacyk
I find that promise to be quite laughable. Honor among thieves? Right, lol.
They obviously have their nose out of joint and want to dish out a copious amount of punishment. That's exactly what a terrorist is, and that's exactly why you can't negotiate with them. They're a bottomless pit of threats that can never be satisfied and will never stand by their word.
Posted on Reply
#7
FreedomEclipse
~Technological Technocrat~
mouacyk
I find that promise to be quite laughable. Honor among thieves? Right, lol.
BSim500
Exactly. Given the data was illegally obtained and that the seller was almost certainly paid anonymously, what's the seller going to do to "enforce" it, go public, sue the buyer and promptly get arrested for the hack in the first place?... For the same reason, the conspiracy rumours that the buyer was secretly CDPR trying to keep it from leaking out don't make much sense as there's nothing to stop the seller (who probably has multiple backups) from selling it multiple times (as hackers of credit card databases have done in the past) after pocketing any payment from CDPR. Not paying up is the only sane move CDPR can make, and I'm more inclined to believe the conspiracy that the hacker faked a "sale" to save face as some are saying (well, unless the buyer was from a certain Asian country with notoriously poor IP protection looking to create an internal market for the Cyberpunk equivalent of this. If we see SinoPunk 2077 pop up over the next few weeks, we'll know for sure... :D
Well the question falls down to *WHO* bought the source code. I very much doubt that an official parties like EA or Activision would buy it just to sell it on for profit let alone want anyone know that they have it. Same goes for the other players in the game dev space. Im sure everyone wants to know what makes Witcher games tick. individuals are more likely to sell it on for profit though.

secondly, CDPR does not have a patent on whatever mechanics or features in Witcher games so even if similarities were to appear in games further on down the line. CDPR cant really sue for plagiarism.

Anyway, i am unaware if there were any contract that was signed that sealed the deal but either way, the code is out there.
Posted on Reply
#8
Mussels
Moderprator
I wonder if we'll get chinese games with stolen code, or if malware will target their games now (via mods, or any network code they have)
Posted on Reply
#9
DeathtoGnomes
I dont what all the fluff is about, there was no real ground breaking new code changing hands. People put hard work in to make 2077 what it is. I see all this in one person/team that might be out to make some cloned game off the stolen code with add tweaks. There is no real value in the code, only value is to those that want it. Even if the code is released to the public, what can they really do with it? cheat? :banghead:
Posted on Reply
#10
bug
The deal apparently went through, with a condition that bars the hackers from re-selling the data to any other parties.
Or what? :wtf:
Posted on Reply
#11
Divide Overflow
It would be interesting for objective parties to see how much optimization was left on the table for other platforms.
Posted on Reply
#12
Verpal
BSim500
Exactly. Given the data was illegally obtained and that the seller was almost certainly paid anonymously, what's the seller going to do to "enforce" it, go public, sue the buyer and promptly get arrested for the hack in the first place?... For the same reason, the conspiracy rumours that the buyer was secretly CDPR trying to keep it from leaking out don't make much sense as there's nothing to stop the seller (who probably has multiple backups) from selling it multiple times (as hackers of credit card databases have done in the past) after pocketing any payment from CDPR. Not paying up is the only sane move CDPR can make, and I'm more inclined to believe the conspiracy that the hacker faked a "sale" to save face as some are saying (well, unless the buyer was from a certain Asian country with notoriously poor IP protection looking to create an internal market for the Cyberpunk equivalent of this. If we see SinoPunk 2077 pop up over the next few weeks, we'll know for sure... :D
Technically the guarantors are suppose to enforce, but this one is not known for enforcing anything other than ensure anonymity of both party.
Posted on Reply
#13
Hatrix
Correct me if i'm wrong but,
In code they stole, the only thing i think is really valuable on those games is the NPC Artificial Intelligence and the Physics and it's not that interesting for Cyberpunk 2077, the very simple Npc AI is lackbuster, if someone stole Rockstar AI, that would be much more.
The code behind talent trees(incomplete :\ ), weapon gameplay, driving cars, the props, the buildings, it's all basic stuff for any Triple A game to be used for a future project.

There's also something i want to know, about this code,

Can the people who bought it make games based on the engine used for those games? or is the RedEngine 3 it's separate thing?
I'm asking because if it's the same thing then it's not only AI but visual graphic techniques that can also be used.
Posted on Reply
#14
Nephilim666
I can't imagine there being anything interesting about this source to competing developers. The Witcher 3 is not revolutionary in its gameplay, cp2077 is buggy as heck and poorly optimised, Gwent is Gwent. These games (particularly Witcher 3) succeed due to subject matter, quest content and context... None of which are 'hidden' in the source.

If I was CDPR I would just make sure there aren't glaring security holes and carry on.
Posted on Reply
#15
ZoneDymo
JAB Creations
Who else loathes it when 12 year olds who can't use spellcheckers are the first in comments?
There is a "spellchecker" build into this website?
Posted on Reply
#16
TumbleGeorge
What is different between copy of games which we buy in shops for $xx or cheap and "codes" of game which is offering for billions?
Posted on Reply
#17
Mussels
Moderprator
TumbleGeorge
What is different between copy of games which we buy in shops for $xx or cheap and "codes" of game which is offering for billions?
source code, simplifying its the human language version before it gets converted into faster running files, that humans cant make sense of.
go open an .exe in word and see how much sense you can make out of it
Posted on Reply
#18
ixi
DeathtoGnomes
I dont what all the fluff is about, there was no real ground breaking new code changing hands. People put hard work in to make 2077 what it is. I see all this in one person/team that might be out to make some cloned game off the stolen code with add tweaks. There is no real value in the code, only value is to those that want it. Even if the code is released to the public, what can they really do with it? cheat? :banghead:
Hard work? - maybe.

Good/Quality outcome? - No.

You can't compare cb 2077 to gta v.

GTA V was made in 4.5 or 5 years while cb 2077 was made in 8 years and was trash and is trash.
Posted on Reply
#19
lexluthermiester
ixi
You can't compare cb 2077 to gta v.
True... They are both great for different reasons.
ixi
GTA V was made in 4.5 or 5 years while cb 2077 was made in 8 years
Sort of true...
ixi
was trash and is trash.
Silly, meritless opinion..
Posted on Reply
#20
ixi
lexluthermiester
Sort of true...
Why?
Posted on Reply
#21
1d10t


I don't mean to undermine anything, but source code useful for specific project only, unless buyer got some project "similar" and in line with Red Engine. Big player doens't want that, they have to spent extra time and effort for disassemble and debugging. Some indie games or small start up might interested, but then again most of them are focusing on mobile games.
Posted on Reply
#22
TumbleGeorge
Mussels
source code, simplifying its the human language version before it gets converted into faster running files, that humans cant make sense of.
go open an .exe in word and see how much sense you can make out of it
What is reasons for it's price? What is the benefit for someone who bought the source code of a game for millions of dollars. How could he recoup his investment?
Posted on Reply
#23
DeathtoGnomes
ixi
GTA V was made in 4.5 or 5 years while cb 2077 was made in 8 years
time spent developing does not matter, the end product does. Time is by no means any way judge a game.
Posted on Reply
#24
Octopuss
I don't understand.
They said they wouldn't negotiate and now the hackers are "prohibited" to make it public by a deal?
So they negotiated with them or not?
And is anyone so stupid to believe the hackers' word they wouldn't publish the data IF <something>?

Someone explain this to me because I honestly don't know what am I reading.
Posted on Reply
#25
ixi
DeathtoGnomes
time spent developing does not matter, the end product does. Time is by no means any way judge a game.
Dont agree with your opinion. The more time you have the more possibilities you can add and polish them.
Posted on Reply
Add your own comment