Riot Games has confirmed that a attack on its development environment last week included the source code theft be first League of Legends and Teamfight Tactics games, along with a “legacy anti-cheat platform”. The company has demanded a ransom, but says it will not pay.
The release of the source code by the attackers, either publicly or by sale, could impact cheating software, providing direct knowledge of the game mechanics rather than relying on reverse engineering. Riot acknowledged that the attack, attributed to “social engineering,” “could cause problems in the future,” but added that it was certain that “no player data or player personal information had been compromised.”
“Honestly, any disclosure of source code can increase the likelihood of new cheats popping up,” says Riot posted in a reply tweet. “Since the attack, we’ve been working to assess its impact on anticheat and to be prepared to implement fixes as soon as possible if needed.” Revolt added that the code “contains a number of experimental features”, although it is mostly “in prototype and there is no guarantee it will ever be released”.
Vice’s motherboard obtained a copy of the ransom email sent to Riot Games. The letter demands $10 million and offers to remove the code from the hackers’ servers and provide “insight into how the breach happened,” according to Motherboard. The first email stated a 12-hour deadline, noting that failure to meet it would result in “the hack being made public.”
Source code leaks have become an increasingly common feature of the complex, multiparty nature of modern game development and maintenance. However, its use is much less common.
Valve, facing the release of source code for Counter-Strike: Global Offensive and Team Fort 2 in 2020, said it had “not found any reason for players to be alarmed”, but only focused on the Counterattack code in its statement. TF2 community servers were temporarily shut down, but reopened when Valve enforced a similar “no reason” statement.
Source code leaks are nothing new to Valve, but it’s worth noting TF2 has long had problems with automated “bot” players and cheating. However, those problems existed even before the source code leak. Up to the present day TF2 and Counterattack regularly rank in Steam’s top 10 most played games, with hundreds of thousands of simultaneous players.
CD Projekt Red was hit by a ransomware attack in early 2021, apparently exfiltrating the code for Cyberpunk 2077, Gwentand the witcher 3, along with the red engine that underpins it. That code was later auctioned after the developer and publisher refused to pay a ransom. More than one malware tracking account reported that the auction closed after the sellers wrote that they had received an offer “out of the forum”. But Emsisoft Threat Analyst Brett Callow noted that the mystery buyer could be a fake or “just a means for the criminals to save face after failing to monetize the attack.”
No specific cheats or exploits emerged from CD Projekt Red’s source code, though the company mostly makes single-player games other than the online deck-builder Gwent, which is a fairly small target for malware.
The most famous source code leak is the source code theft by Axel Gembe half-life 2. Gembe released the code online, Valve executive Gabe Newell wrote about it, and the fact that half-life 2 was nowhere near ready to be released when it was originally suggested that it was made clear to the world. Gembe contacted Valve and asked for a job, Newell persuaded him to call, the FBI took that call, and the rest is history.
We’ve reached out to Riot Games for further comment on the cheating implications of the source code leak and will update this post if we hear back.