Riot Games source codes offered for sale on black market

Riot Games source codes offered for sale on black market

15 February 2023

The year 2023 started in the worst of ways for game developer and international esports giant Riot Games. Towards the end of January, the company was hacked by an unknown individual or group, which resulted in the theft of the source codes for popular esports title League of Legends and anti-cheat software Packman. The hackers demanded $ 10 million for the stolen data to be returned, but Riot declined this offer. As a result, all of the data concerned is now offered for sale on the black market for $ 700.000.

What is being offered exactly?

“We have obtained your valuable data, including the precious anti-cheat source code and the entire game code for League of Legends and its tools, as well as Packman, your usermode anti-cheat”. This was the opening sentence of the ransom email that was sent to a group Riot Games executives a few weeks ago. The hacker or hackers then emphasize that they are aware of how painful a public release of the stolen data could be for the company, and for its titles Valorant and League of Legends in particular. They continue to make “a small request for an exchange of $10,000,000”, a request we now know was declined by Riot.

As proof of the hack, a tree list PDF file was added to the digital ransom note and now that the data is for sale on the black market, we can get a more detailed insight into what was stolen. An anonymous user called Arkat_001 is offering the source code in the form of a 572.000-file package with a size of 72.4GB and for a price of $ 700.000. Apparently, the hacker or hackers were also aiming for Vanguard, Riot’s anti-cheat software for Valorant, but he/she or they were removed from the network before getting to its source code.

Hoping for a white hat turn

Taking a deeper look at the original ransom email, it looks like the hacking party was hoping for a white hat solution. White hat hacking is the term used for hacking with the objective of identifying vulnerabilities in a certain system, under the consent of the owner and usually for a bounty. It happens that when a party hacks another party without such consent, they hacker offers a similar solution to the victim. In the ransom email received by Riot, the hacker or hackers mention this possibility as well, but Riot was clearly not interested.

“In return, we will immediately remove all source code from our servers and guarantee that the files will never be released to the public”, can be read in the note, “We will also provide insight into how the breach occurred and offer advice on preventing future breaches […] We do not wish to harm your reputation or cause public disturbance. Our sole motivation is financial gain […] It is alarming to know that you can be hacked within a matter of hours by an amateur-level hack”.