Earlier this week, CD Projekt Red revealed that they were the subject of a targeted cyberattack that resulted in the hackers getting access to the company’s internal systems and stealing files that included source code for Cyberpunk 2077, The Witcher III: Wild Hunt, and Gwent. In their statement, CD Projekt Red said that they wouldn’t be giving in to the demands of those who stole the data. Now, The Verge has reported that the hackers who targeted CD Projekt Red have auctioned off and sold the stolen source code in an underground digital market. According to cybersecurity firm KELA, the data was sold for $7 million.
Just in: #CDProjektRed AUCTION IS CLOSED. #Hackers auctioned off stolen source code for the #RedEngine and #CDPR game releases, and have just announced that a satisfying offer from outside the forum was received, with the condition of no further distribution or selling. pic.twitter.com/4Z2zoZlkV6
— KELA (@Intel_by_KELA) February 11, 2021
The stolen material included the source code for CD Projekt Red’s three games and may have included internal documents, but it is not clear what the full cache contained. Victoria Kivilevich, a threat intelligence analyst at KELA, spoke with IGN and said that everything was sold as a single package. “We do believe that this is a real auction by a real seller who accessed the data. The seller offers to use a guarantor and he allows only those who have a deposit to participate – a tactic that is used by many sellers to show that they are serious and to ensure that no scam will occur,” a KELA spokesperson told The Verge.
CD Projekt Red’s ransomed data has been leaked online. pic.twitter.com/T4Zzqfn78F
— vx-underground (@vxunderground) February 10, 2021
Twitter user vx-underground, who first noted that the stolen information had started to appear on online forums, also independently verified the pricing terms that The Verge reported. The auction was set to run for at least 48 hours, but it was then reported that the sellers were satisfied with an offer from outside the forum and had closed the sale.
Update: a mistake was made. They stated starting bid $1kk. This was assumed as a typo for $1,000. They meant $1,000,000. They are also selling immediately for $7,000,000.
Attached images supplied by @DrFurfagMD pic.twitter.com/JnOcwnGqZk
— vx-underground (@vxunderground) February 10, 2021
However, Emsisoft Malware Lab, a group of cybersecurity researchers, believes that the hackers used the ransomware HelloKitty and that, after looking into everything, “no buyer exists and the closure of the auction is simply a means for the criminals to save face after failing to monetize the attack following CD Projekt’s refusal to pay the ransom. We have seen this behavior in the past with REvil, a ransomware group that threatened to release damaging information about Donald Trump. Although the hacked law firm refused to pay to prevent the leak, the information was never published – the attackers just claimed to have sold it.”
Update: we have confirmed the auction has closed. Someone has indeed purchased the material.
Image courtesy of @DrFurfagMD pic.twitter.com/TnQVqTiM5w
— vx-underground (@vxunderground) February 11, 2021