The Cyberpunk 2077 Hackers Actually Did It

Things haven't been all that great for developer CD Projekt Red these past few months. The launch of Cyberpunk 2077 was met with disappointment and anger, leaving many fans scrambling for refunds. Then, on top of that, the studio had to announce at the beginning of February that it had been hacked. An "unidentified actor" — one apparently hoping to walk away with a huge payday — told CDPR it had stolen all sorts of data, including source code for Cyberpunk 2077 and The Witcher 3.

It was unclear whether this hacker actually planned to take action, or whether they were just bluffing. What was clear, though, was that the hacker had demands it wanted to make of CD Projekt Red. When the studio refused to negotiate, those keeping tabs on the situation were left waiting for the other shoe to drop. After a few days, it now has, and CD Projekt Red's sensitive information has reportedly been sold to the highest bidder.

According to Twitter user @vxunderground, the source code for several CD Projekt Red titles — as well as the company's RED engine — went up for auction on a forum called EXPLOIT. The cache apparently included data for Cyberpunk 2077, The Witcher 3, a special version of The Witcher 3 with ray-tracing support, and Thronebreaker: The Witcher Tales. The auction started at $1 million and had a "buy now" price set for $7 million. In a tweet by intelligence firm KELA, however, it was reported that the hacker reached an agreement for a sale elsewhere. It is unknown what the entire package ending up fetching.

This is obviously pretty bad news for CD Projekt Red on a number of fronts. For starters, the company's trade secrets are now floating around in the world, and could fall into the hands of competitors at some point. In addition to that, the hacker listed "internal documents" as part of the bundle they were selling, and those docs could also contain information CD Projekt Red considers sensitive. Long story short, this whole fiasco could end up causing huge problems for the company — the kind that are really hard to predict.

There is one other scenario that could potentially play out, though, where nothing happens. Some Twitter users are speculating that CDPR was actually the anonymous buyer, and who knows — maybe that was indeed the case. It would be tough to prove this without CDPR coming out and admitting it, though. So far, that hasn't happened. For now, it sure seems like CD Projekt Red has a lot to worry about.