Stolen League of Legends source code being ransomed, and Riot Games won’t pay

Riot Games has confirmed that an attack on its development environment last week included the theft of source code for its League of Legends and Teamfight Tactics games, along with a “legacy anticheat platform.” The company has received a ransom demand but states that it will not pay.

The release of source code by the attackers, whether publicly or by sale, could have implications for cheat software, providing direct knowledge of the game’s mechanisms rather than relying on reverse engineering. Riot acknowledged that the attack, attributed to “social engineering,” “could cause issues in the future,” but added that it was confident “no player data or player personal information was compromised.”

“Truthfully, any exposure of source code can increase the likelihood of new cheats emerging,” Riot posted in a reply tweet. “Since the attack, we’ve been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed.” Riot added that the code “includes a number of experimental features,” though it’s mostly “in prototype and there’s no guarantee it will ever be released.”

Vice’s Motherboard obtained a copy of the ransom email sent to Riot Games. The letter demands $10 million and offers to remove the code from the hackers’ servers and “provide insight into how the breach occurred,” according to Motherboard. The initial email provided a deadline of 12 hours, noting that a failure to comply would result in “the hack being made public.”

Source code leaks have become an increasingly common feature of the complex, multi-party nature of modern gaming development and maintenance. Making use of them is far less frequent, however.

Valve, facing the release of source code for Counter-Strike: Global Offensive and Team Fortress 2 in 2020, said it had “not found any reason for players to be alarmed” but only addressed the Counter-Strike code in its statement. TF2 community servers shut down temporarily but reopened when Valve followed up with a similar “no reason” statement.

Source code leaks are nothing new for Valve, but it’s worth noting that TF2 has had longstanding issues with automated “bot” players and cheating. Those issues existed before the source code leak, however. To this day, TF2 and Counter-Strike are regularly in Steam’s top 10 most-played games, with hundreds of thousands of concurrent players.

CD Projekt Red was hit with a ransomware attack in early 2021, one that seemingly exfiltrated the code for Cyberpunk 2077, Gwent, and The Witcher 3, along with the Red Engine that underlies them. That code was later auctioned after the developer and publisher refused to pay a ransom. More than one malware-tracking account reported that the auction closed after the sellers wrote that they received an offer “outside the forum.” But Emsisoft Threat Analyst Brett Callow noted that the mysterious buyer could have been fake or “simply a means for the criminals to save face after failing to monetize the attack.”

No particular cheats or exploits emerged from CD Projekt Red’s source code, though the company largely makes single-player games, except for the online deck-builder Gwent, which is a fairly minor target for malware.

The most famous among source code leaks is Axel Gembe’s theft of the source code for Half-Life 2. Gembe released the code online, Valve director Gabe Newell wrote about it, and the fact that Half-Life 2 was nowhere near ready to be released when originally suggested was made plain to the world. Gembe contacted Valve and asked for a job, Newell persuaded him to call, the FBI recorded that call, and the rest is history.

We’ve reached out to Riot Games for more comment on the cheat implications of the source code leak and will update this post if we hear back.