Hackers auction alleged source code for League of Legends

League of Legends

Threat actors are auctioning the alleged source code for Riot Game’s League of Legends and the Packman anti-cheat software, confirmed to be stolen in a recent hack of the game company’s developer environment.

Last Friday, Riot Games disclosed that its development environment had been hacked, allowing threat actors to steal source code for League of Legends (LoL), Teamfight Tactics (TFT), and the company’s Packman legacy anti-cheat platform.

Yesterday, the company confirmed they had received a ransom note from the threat actor and said they would not be paying a ransom. obtained this ransom note, which demanded $10 million to prevent the stolen data from going public.

Riot Games tweet

In a conversation with security research group VX-Underground, the threat actors stated they gained access to Riot Game’s network after performing a social engineering attack over SMS on one of the company’s employees.

The threat actors claimed that they had access to the development network for thirty-six hours until they were detected by the company’s security operations center (SOC).

They told VX their goal was to steal the source code for Riot Vanguard, the game company’s anti-cheat software.

Hacker begin selling stolen source code

Last night, the threat actor behind the attack began selling the alleged source code for League of Legends and the legacy Packman anti-cheat platform on a popular hacking forum.

The threat actor says they are selling the League of Legends source code and Packman for a minimum of $1 million. However, they told BleepingComputer that they would be willing to sell Packman by itself for $500,000.

Forum post selling Riot Games source codeForum post selling Riot Games source code
Source: BleepingComputer

The forum post includes a link to a thousand-page PDF document that they claim contains a directory listing of the 72.4 GB of stolen source code. BleepingComputer reviewed this document, and it does appear to be a source code listing for software associated with Riot Games.

While the threat would not share further proof of the stolen source code, they told us they shared some with Ryscu, a YouTuber who creates videos around League of Legends.

Ryscu included a screenshot of this leaked source code in a YouTube video about the breach.

BleepingComputer has been unable to independently verify if the source code is legitimate, and Riot Games has not responded to our queries about the source code sale.

Is it worth $1 million?

The main concern regarding the stolen source code is that it could be used to create cheats or exploits to target the game and its players.

Other threat actors could also use the source code to potentially create exploits that could allow remote code execution on player’s devices.

“Truthfully, any exposure of source code can increase the likelihood of new cheats emerging. Since the attack, we’ve been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed,” tweeted Riot Games.

While source code makes it easier to find bugs in code, it is also possible to find them using reverse engineering with little cost other than time. 

Therefore, only time will tell if this allegedly stolen source code is worth $1 million to cheat developers and other threat actors.


  • NoneRain Photo NoneRain – 3 days ago

    Good times to have Vanguard’s kernel-level drivers on your system.

  • jorgui10 Photo jorgui10 – 2 days ago

    <p>It&#39;s surprising to think that gaming companies don&#39;t put something in place to protect what&#39;s most important to them, which is their source code. It&#39;s like Coca-Cola not protecting their secret recipe. It&#39;s probably the most important intellectual property for a gaming company. How is it possible that these situations happen regularly in this industry? (EA, Pok&eacute;mon, Rockstar, etc.) Disclaimer ADVERTISING: I work at Strong Network, a company whose mission is to allow organizations to secure their source code through the use of a secure container development environment (CDEs).</p>

  • AdwCleaner Logo


    Version: 56M+ Downloads

  • Malwarebytes Anti-Malware Logo

    Malwarebytes Anti-Malware

    Version: 4.5.20 4M+ Downloads

  • Windows Repair (All In One) Logo

    Windows Repair (All In One)

    Version: 4.13.1 2M+ Downloads

  • Everything Desktop Search Logo

    Everything Desktop Search

    Version: 22,085 Downloads

  • Zemana AntiLogger Free Logo

    Zemana AntiLogger Free

    Version: 52,632 Downloads


Related posts

GhostToken GCP flaw let attackers backdoor Google accounts

Sarah Henriquez

What is the Best Pen Testing Schedule for Your Development Cycle?

Sarah Henriquez

Toyota, Mercedes, BMW API flaws exposed owners’ personal info

Sarah Henriquez

Leave a Comment