Riot Games has confirmed that a attack on the development environment last week included theft of source code for its League of Legends and Teamfight tactics game, along with a “legacy anticheat platform.” The company has received a ransom demand, but states that it will not pay.
The release of source code by the attackers, whether publicly or by sale, could have implications for cheating software, providing direct knowledge of the game’s mechanics rather than relying on reverse engineering. Riot acknowledged that the attack, attributed to “social engineering,” “may cause problems in the future,” but added that it was confident that “no player data or player personal information was compromised.”
“Indeed, any exposure of source code can increase the likelihood of new cheats appearing,” Riot posted in a reply tweet. “Since the attack, we have been working to assess the impact on anticheat and to be prepared to deploy fixes as quickly as possible if necessary.” Riot added that the code “includes a number of experimental features”, although it is largely “in prototype and there is no guarantee that it will ever be released.”
Vice’s Motherboard obtained a copy of the ransom email sent to Riot Games. The letter demands $10 million and offers to remove the code from the hackers’ servers and “provide insight into how the breach occurred,” according to Motherboard. The first email gave a deadline of 12 hours, noting that failure to comply would result in “the hack being made public.”
Source code leaks have become an increasingly common feature of the complex, multi-party nature of modern game development and maintenance. However, using them is far less common.
Valve, facing the release of source code for Counter-Strike: Global Offensive and Team Fortress 2 in 2020, said they had “found no reason for players to be alarmed”, but only addressed Counterattack code in its statement. TF2 community servers temporarily shut down, but reopened when Valve followed up with a similar “no reason” statement.
Source code leaks are nothing new for Valve, but it’s worth noting TF2 have had long-standing problems with automated “bot” players and cheating. However, these problems existed before the source code leak. To this day, TF2 and Counterattack is regularly in Steam’s top 10 most played games, with hundreds of thousands of concurrent players.
CD Projekt Red was hit by a ransomware attack in early 2021, one that apparently exfiltrated the code for Cyberpunk 2077, Gwentand The Witcher 3, along with the Red Engine that underpins them. That code was later auctioned off after the developer and publisher refused to pay the ransom. More than one malware tracking account reported that the auction closed after the sellers wrote that they received an offer “outside the forum”. But Emsisoft threat analyst Brett Callow noted that the mystery buyer could have been fake or “just a means for criminals to save face after failing to monetize the attack.”
No particular cheats or exploits emerged from CD Projekt Red’s source code, although the company largely makes single-player games, except for the online deck builder Gwent, which is a fairly small target for malware.
The most famous of the source code leaks is Axel Gembe’s theft of the source code for Half life 2. Gembe released the code online, Valve director Gabe Newell wrote about it, and the fact that Half life 2 was nowhere near ready to be released when it was originally proposed to be made clear to the world. Gembe contacted Valve and asked for a job, Newell talked him into calling, the FBI recorded the call, and the rest is history.
We’ve reached out to Riot Games for further comment on the cheating implications of the source code leak and will update this post if we hear back.