The hacker(s) of the Riot Games breach managed to steal the source code of League of Legends, Teamfight Tactics, as well as an old version of Riot’s anti-cheat software known as Packman according to an article released by Motherboard
. Esports Heaven was also able to confirm this, as well as additional anti-cheat software specifically related to League of Legends Korea servers, codename Demacia and a more widely used module in the Asia gaming industry known as Xigncode3, which Riot Games previously used on their Korean servers
. We could not confirm whether Demacia is currently being used in western LoL servers. While Riot has responded to the ransom email from the hacker(s) by publicly saying they will not be paying the demanded amount of $10 million dollars
, the hacker(s) has now turned to the black market to offer the source code to the highest bidder.
The hacker(s) goes by the name Arkat_001 and their current asking price for the source code for both games and all anti-cheat software is $700,000. Riot Games is concerned that the release of this source code will disrupt player experience as cheating tools will be able to learn from the source code and anti-cheat software, allowing hackers to improve their own hacking programs.
Esports Heaven was able to verify the obtained files via a file directory showing all data obtained by Arkat_001. The files are 72.4GB of data in total, with 572,000 files.
According to VX Underground
, Arkat_001 got access to Riot’s database via a SMS sent to an employee, which they were then able to escalate and obtain security credentials of a company director at Riot Games. Arkat_001’s original objective was to gain access to the source code for Vanguard, Riot’s anti-cheat software for their FPS game Valorant, which has been notoriously hard to develop cheats for due to the software functioning like a rootkit (having access to system files before the operating system loads).
After Arkat_001 failed to gain access to Vanguard source code because they were kicked from the network before discovering the files. Riot Games Security Operations Center (SOC) responded to the intrusion within 36 hours, with several outside security experts and hackers saying this is an extremely quick response time. This may be due to Riot having specific JSON files which keep track of intrusions based on specific areas in their offices, which is connected to their Intrusion Detection System (IDS).
Despite Riot’s statement saying the hacker(s) had not obtained access to player data, Arkat_001 has stated that they had access to player-sensitive data such as email addresses as well as access to an admin console with the ability to send RP to users.
Esports Heaven spoke with the hacker(s) and could not confirm whether it was a single individual or a group, although Arkat_001 admitted they infiltrated Riot independently, Arkat_001 also continued to use “we” as if they were affiliated with others. Arkat_001 also confirmed that they were not part of the infamous hacking group Roasted 0ktapus (also believed to be the hacker group Scattered Spider) which is responsible for other gaming and tech data breaches. Arkat_001 also confirmed that they had not used IceBreaker, a new social engineering technique
that has been ravaging the gaming/gambling industry. Arkat_001 claims that they used no malware or files to get access to Riot’s database.
Esports Heaven reached out for comment to Riot Games but did not receive a response.
Izento has been a writer for the LoL scene since Season 7, and has been playing the game since Season 1. Follow him on Twitter at @ggIzento for more League content.
For more LoL content, check out our LoL section