League of Legends source code auctioned off by hackers

Wild Rift
(Image credit: Riot Games)

The attackers behind a recent assault on Riot Games have announced they are auctioning off the source code used for some of the company's most famous games.

The company behind one of the world’s most popular MOBA games - League of Legends (LoL), had recently confirmed it had received a ransom note for the stolen source-code, but publicly announced it had zero intention of paying said ransom.

Reports had claimed that the crooks demanded $10 million in exchange for the stolen material. 

TechRadar Pro needs you! (opens in new tab) We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey (opens in new tab) and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

High-valued auction

During the breach, which allegedly lasted for 36 hours, the attackers managed to obtain the source code for League of Legends (LoL), Teamfight Tactics (TFT), and Packman - a legacy anti-cheat solution.

The incident forced Riot to postpone some of the upcoming patches for the games, but stated that other than that - no harm was done, and user data was secure.

After the ransom offer was vehemently declined, the crooks went to a “popular hacking forum”, and placed the data on auction. 

LoL source code and Packman are being auctioned off for a minimum of $1 million. Packman itself, BleepingComputer found, is being offered for $500,000.

In the forum ad, there is a PDF file attached, holding a directory listing of 72.4GB of the stolen source code. The file itself is some 1,000 pages long, it was said. While the media did get a hold of the file, its authenticity is hard to confirm at this time. 

Given the price tag, it’s safe to assume that the attackers believe the source code to be valuable. 

It had previously been reported that the data could be used to create cheats for the game, allowing some people to get the upper hand in combat. Whether that’s enough to warrant a $1 million price tag, remains to be seen. BleepingComputer also says it’s possible to use the source code to create malware that can execute code on player endpoints (opens in new tab), remotely. 

"Truthfully, any exposure of source code can increase the likelihood of new cheats emerging,” Riot said. “Since the attack, we've been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed.”

Via: BleepingComputer (opens in new tab)

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.