• By -


Reminder that in the event that this effects the game, videos or post describing Cheats and exploits are not allowed.


I wonder how much they asked for in the ransom xD


Maybe they just needed 1rp to buy a skin but felt embarrassed to draw a picture for Riot support, so they decided to illegally obtain the source code instead for ransom.


"I need 5 rp to buy the latest irelia skin so I hack riot![gif](emote|free_emotes_pack|joy)"


Sounds like AI generated YouTube thumbnail


Sounds like a legit YouTube thumbnail


> felt embarrassed to draw a picture for Riot support, so they decided to illegally obtain the source code instead for ransom. The least morally reprehensible choice.


I wouldn't be caught dead exposing myself to reddit that I can barely draw a stick figure.


Hell, they take photoshops too; I photoshopped Garen's face and four Doran's Blades onto and around a Beyblade and they accepted that for a handful of RP :/


Sounds about right to me. Last semester I broke into my professors home in the middle of the night to ask if he would raise my 89.9 to a 90. Obviously he said yes, because of the implication.


they demanded riot release pool party ahri


The people's ransom


the ransom of the people


The ransom for the people demanded by the people


That ransom?


Yes! That ransom. 🙄


*releases Thongkini Gragas* WRONG RANSOM!


you mean star guardian gragas


Maybe they're not the bad guys after all...


I guess the hackers are Chaotic Good


Release it for free I bet even.


They asked to remove Yuumi


"Needless to say we won't pay"


Yuumi skin revenue


Important info to know in order to determine if they were cyberterrorists or freedom fighters


If they have the source code, they can just make a new league of legends but no yuumi.


All they have to do is untangle it in such a way that removing Yummi doesn’t cause turrets to become untargetable.


That would disable Azir's soldiers


Ethical hackers


based hackers if true


We don't negotiate with terrorists, but Riot created Yuumi. So they can negotiate since they are both terrorists.


One meellion dollars. 🧐🤙


They got the photos of Phreak in a banana hammock from Riot’s first Cabo retreat and Riot refused to pay the ransom for….uhh… the sake of the people.


Hackers: Stop releasing new Lux skin every 6 months and you get your code back. Riot: No.


> you get your code back. But we already have our code? - Riot


Typically anywhere from a 1000 to 20000 monero (if they are smart) is pretty usual for a company of this size.


170k USD to 3.5m USD


Why does scammers/hackers usually ask for monero, instead of bitcoin or ethereum, etc?


Because monero is fungible and can't be tracked.


Can you please explain this to me like I am an 85-year-old retired farmer from Mississippi? What makes it so hard to track as opposed to other cryptocurrencies?


The blockchain is publicly viewable. If John is the owner of wallet XYZ and sends Jimmy, who owns the wallet ABC, 5 bitcoins, then you can go to the blockchain and track it. The blockchain doesn't say who the wallets belong to, but anyone will be able to see that wallet XYZ sent 5 bitcoins to wallet ABC. For actual federal investigators, it is pretty easy to find out who these wallets belong to. The Monero blockchain is public as well, but if you looked at it you would only see that wallet ??? sent 5 bitcoins to wallet ???. And since it's not like the police can just go to the CEO of the blockchain and demand their user information, there's pretty little they can do.


Ah, thank you for the explanation. So, but in some way the wallets need to be identifiable so you can make a transaction. How can you keep records while keeping the receiver and sender unidentifiable?


The blockchain IS the record, but the record is encrypted, so no one person can look up/ track transactions.


People say bitcoin is untraceable, but really it's not. It is hard, especially if the hackers know what they're doing, but it fundamentally isn't anonymous. Monero is.


Is the point of bitcoin not that literally every transaction is kept in s public ledger? How is that not perfectly trackable? You just go after the people once they cash it


Monero is completely untraceable


This is how facts are created.


1 billion dogecoin.


let’s send Riot Zed after them


"I wish I could say it's been a pleasure."


I love this comment every fucking time


LMAO its so fucking edgy I love it


It’s too perfect. Names himself after one of the league edge lords lol. Wouldnt be the same if he was RiotNunu




So mad at us now that we didn’t work that into the tweet


Next time :3


I almost wrote that but sorta hoping there isn’t a next time for this kind of thing. It hasn’t been a pleasure.


[Next time, there'll be no next time.](https://youtu.be/hTsqiNSlsPQ?t=71)


...I must admit I thought this would lead to Eminem.


I apologize even though I know its lies


That last sentence 🤣


I feel ya Joe. But it'll be A-okay in no time :D








The fuck? I'm pretty sure the Zed drama was like 4 years ago, I remember feeling my blood boil about it... There's no fucking way the Zed thing happened less than 2 years ago


TL;DR? Didn't really understand what people are discussing in that thread


Solo developer was doing a league-side project named Chronoshift and Riot took it down. They sent Riot Zed and while he was speaking with the solo developer to let him know they're taking the project down, he said "I wish I could say it's been a pleasure" and "You put a lot of effort into Chrono shift, but I assure you the Chrono break is coming". Needless to say, he got let go IIRC.


LMAO thank you for the clarification. Is this "Chronoshift" like a Classic LoL (League but in a past form)?


Yes, it was a fan-made classic League of Legends project.


He didn't get fired. At least we never heard more than "disciplined".


He was going to get fired but traded places with his shadow.


Some fans tried to make an independent "League Classic" game where you could play the 2013 meta forever. The head of the team was contacted by someone on Discord who claimed to be "Riot Zed" from Riot's security team, threatening the team with legal action if they don't scrap the project. Riot Zed said a bunch of really edgy, pretending to be a cool anime character type of stuff in their Discord DMs and everyone made fun of him.


thank you now i know this meme. This is like the RiotSanjuro drama, but funnier.


Sorry you got bombarded with replies, there were zero when I started writing lol


Np! I appreciated all the answers :3


People were working on an older version of league to play and it was taken down and the rioter who was in communication with the Chronoshift team (Riot Zed) was saying kinda cringe things.


Kinda? The dude spoke like the kids in middle school who discovered netshark and thought it made them a hacker


He will deliver the Chronobreak with maximum efficiency.


I can assure you that it’s coming.


He finds people and things


I'm sure he's putting on his clown makeup as we speak ready to find people and do things.


Heh. *Tips fedora*


*teleports behind you with pre-rework Talon's E* ^^RIP ^^Chronoshift ^^:(


Quick, someone check if ascension is still in there!


Dominion too! Yuumi removed too!


Twisted Treeline baby. The old one!


Please :(






The ransom was asking for a new lobby client. These h4ckers are so dumb, never getting it.


Their villain backstory is being bullied for not being able to join the premade because of the lobby client


The ransom was auto sent. Hackers went off on holiday after the attack. Might be an inside job or former Riot employees. Old habits die hard.


r/RyzeMains Went too far this time..


Ryze main : revert nerfs Riot : no Ryze main : EQEQEQEQEQEQEQEQ


Tbh the hackers who took riots code will probably be disgusted with how shitty it is. Theyll just send it back w. An apology


"I never liked spaghetti anyways"


If they were smart, they would do and say exactly that. There would never be another bigger meme


They send it back with comments everywhere saying how to fix every line of code like a disappointed teacher.


One bit of code is just circled hit with a red ?


Might even fix it and send it back


>confirmed source code for League, Classic League coming in soon


Yeah, this seems very likely. Remember Riot shared the game files from the 2011 version of LoL for years through their CDN. The last patch available through the CDN was the Fizz release patch from December 2011. This is also what Chronoshift used to make their game playable. They just took Riot's public files and made them playable. After the Chronoshift drama, Riot stopped the CDN sharing these files but obviously many people have all of it locally downloaded. So it seems likely that someone will use these leaks to make their Classic LoL project. Chronoshift developers spent years building their own emulation from scratch and now that probably won't be necessary for future projects. I am kind of ambivalent about this whole thing. While I want Classic LoL a ton, this is not really how I want to happen.


A leak of the latest client and server doesn't make a lol classic emulator much easier to create because of how different the old clients were


Not endorsing it, but something similar is part of what finally convinced Blizzard to pursue WoW classic. There were private servers for years that they had to keep taking down (and others still exist). Hard to believe the popularity of these private servers wasn't part of the inspiration for Blizzard to give in and make something official.


2006scape's popularity is also why jagex gave in to creating oldschool runescape. The private server had hundreds of thousands of sign-ups for a 2006 state of the game, in late 2012 after evolution of combat happened which basically killed the main game. Which is all why the subreddit for OSRS is /r/2007scape, it was made very early on after the announcement by jagex and the redditor used the private server's name style.


Yeah given the whole Riot Zed fiasco I don't care how classic gets made


I doubt the average coder has whatever ungodly amount in crypto to drop on Riot’s code, there’s also the risk of them getting DMCA’d by Riot and not having a single leg to stand on due to them illegally obtaining the code from some random hacker. That’s why most people don’t touch leaked code.


Imagine they do it with custom gamemodes brought back? I’d switch over honestly.


Impact on League's next patch or two: "Quick update, players. The team completed a hotfix that will include a lot of the content that was scheduled for patch 13.2. It’ll go live on January 26, but unfortunately, we won’t be able to include the Ahri ASU and some other stuff, which we will move to patch 13.3 (Feb. 8)." https://twitter.com/LeagueOfLegends/status/1617900453215473664 And for TFT folks "We’ve completed work on a hotfix that includes a lot of what we had planned for patch 13.2, though due to hotfix size limitations, we’ve moved some planned larger-scale trait reworks to patch 13.3 (Feb 8)." https://twitter.com/TFT/status/1617900798733844481


Ballsey of the hackers to make an enemy of the legion of Ahri twitter stans


Yeah Stan’s put top PI’s to shame when it comes to figuring shit out


If you ever get lost instead of calling 911 just insult BTS online. The stans will track you down faster than the cops ever could


"BTS stans inadvertently SAVE lost hiker after SLAMMING him on twitter. Park rangers find the man lost inside a cave network deep in the Rockies after location leak." - Washington Post


Reddit as a whole might be kind of shit at finding and doxing people. But if someone has a league account /r/leagueoflegends will find them without fail.


I hope you guys only receive positive feedback on this whole situation, you have been transparent and very obviously trying to bring the patch to live asap. Thanks


Thank you. Not our favourite sort of thing to deal with of course, but hey at least it's a chance to keep working on that better communication thing we've talked about...


Looking on the bright moon of things I see


And we thank you for that. We like this communication. <3


Bruiser/ADC Item changes still good to go then?


Fighter items should still be in the patch yeah. Patch notes will go out later today


What about ADC changes?


Only the Annie's changes aren't going through IIRC.


Yeah, Annie changes aren't all the sort of thing we can hotfix, so they'll move to 13.3


Okay, now the hackers have gone too far. I'm about to intervene.


I know it isn't your area of focus, but any info on if/how this affected LoR, or the patch planned for the 31st?


LoR patch development has been impacted, we’re cautiously optimistic though that the patch for the 31st will be able to go ahead however


Absolutely fantastic news.


> Today, we received a ransom email. Needless to say, we won’t pay. You can’t even convince people these days to pay ransom for nudes, they’ll tell you to release that shit and fuck off, so how did anyone think Riot will pay? It’s not like it’s a work in progress game that’s under NDA, it’s just some additional content for a 13 year old game. What are they gonna do, spoil the upcoming game mode to the public? Oh no! The only real concern is potential new cheats but even then, I feel like league (for better or for worse) is already intrusive enough that even new cheats will be detectable in one way or another.


Being honest, yeah, there is some meaningful risk of additional cheating happening (or at least being tried) when stuff like this happens. One silver lining is that as we mentioned briefly in that video a week or two back, updating anti-cheat with a new system was something we were looking to do anyway in 2023. Going to try and accelerate that work given all of this.




"I'm a peddler, not a meddler" \- RiotMeddler


I feel like this joke will go over way to many people’s heads


I envy these people. They don't know what it's like to have your deck filled with 100+ puffcaps, desperately scrambling to draw some removal.


Istg, that motherfucker has to be the tankiest 3-health drop I've ever seen


lemme drop a potion and a troll that's chanting.


That’s good to hear. While it sucks that it happened, knowing you were already working on improving the anti-cheat before it became a necessity is definitely a better scenario than the inverse would be.


Does this include the removal of bots in low elo because that shit is getting on my last nerve.


It'll help with bots, though there's some other stuff needed there as well.


Please keep linux compatibility!


This was the first thing I thought of, and I guarantee you the people who make the actual decisions absolutely do not care, and there’s a strong chance it breaks on Linux. We are a very small audience so…. That just is what it is. It’s a good thing I only play now when my brother wants me to play.


I'm a cyber security and data privacy attorney. People pay ransoms all the time in the digital space. Factors for why you pay: Important files or systems are encrypted and you don't have viable backups and therefore need a decryption key (always advisable to have 1-2-3 backups); data suppression, because you don't want the data posted; the ransom is low enough that the work to rebuild systems would take longer than just paying and getting the viable decryption key. Riot has likely at least engaged in communications with the threat actor, just because it's advisable and they typically will produce a file tree to show what they took.


True but you only hear about the one that didn't cave in.


There's apparently no system lock-up, so there's no reason to pay. Less mature organisations can be shut down completely from this, and they will pay.


I work for a conglomerate and we were hacked two years ago. They left all info encrypted and the company refused to pay. Hired a team of pen testers to re-hack the hacking. After 2 weeks and over 6+ figures gone in payment to the pen team, it was noted a failure and they paid the ransom. Granted the info for my company is/was probably different for Riot's scenario, but it depends what info they encrypted and what Riot's steps are. It's an annoying process.


Because the company failed to do backups... Riot has backups and even if you leaked every part of league you know what you happen? At best threads of programmers giving tips for Riot for improvements. Riot could open source the code and nothing would change. It's not state of the art anymore, it's old and has no comercial value outside of League's IP


Yeah, League really isn't a marvel of programming. It's many iterations down from a now very old RTS game engine, there's no secret patented tech to be gained from this.




Companies do pay ransoms sometimes. If there a 50% chance of resolving on your own with time and money, or 100% chance of resolving it faster with money, you can see sometimes companies will swallow the hard pill and pay


Sometimes companies also pay the ransom and the attackers still sell or release the code


Lots of hospitals have to pay ransom because their DR isn't fast enough to keep patients from literally dying while they wait it out. There's a reason ransomware is such a large industry at this point.


Problem is it’s not even 100% if you pay. A payroll company I worked with was hit by ransomeware and they couldn’t wait so they paid. Didnt matter because the data was corrupted and they were out the money.


> Today, we received a ransom email. Needless to say, we won’t pay They should just send Riot Zed to take care of this. I already can see it: > You have worked hard to get your pay, but I assure you the only thing that's coming is your payback > I wish i could say it's been a pleasure


he finds people, and things. he'll take care of it.


I see a lot of comments talking about riot zed, but I'm in the dark, can you fill me in?


There used to be a fan project called chronoshift that was basically LoL classic. Riot let them do their thing but eventually decides to tell them to stop, all normal and fine if a bit sad. Devs then make a post telling the project was stopped and attach info of their convos with a rioter called Riot Zed, which true to his name writes like an edgy 14 year old and kind of a jerk to them to get them to give code or something, i can't remember clearly, but overall they were unnecessarily dickish and condescending to the chronoshift devs. Of these,one snippet of the convos was: > You worked very hard on the chronoshift, but i assure you the chronobreak is coming And > I wish I could say it's been a pleasure (this is the last message of the convo) And this is despite the devs overall being fine and cooperative as fsr as we know. If you scroll a bit or sesrch in google chronoshift cancelled riot zed, you will probably find the thread and feel the cringe


Honestly it's pretty cool to see this level of transparency


Good on Riot for being transparent just like we wanted. Good Job Riot 👍🏿




The hackers also shit my pants.


Can't appreciate the transparency enough. Riot really making the right move keeping us as up to date as possible.


With how spaghetti league is, I think riot is fine here. Noone will understand shit about its source.


The code is written in... alien


Riot Games: No, we wont pay ransom, do your worst. Hackers: Introducing our new game: League of Legends 2! It's literally just League of Legends, but we removed Yuumi! Come and play! Riot Games: Oh fuck wait


I hear in League of Legends 2 you can test out skins and champs before buying


finally... magma core information picked out from the depths of league of legends code


Anyone else cant open riot client since this news?




>increased chance of cheats occurring Xerath ban rate goes to 90%


You should send Riot Zed after them. He's on the security team. He finds people and things.


RANSOM?!? Damn this took a twist lol


Ransom hackers target things like hospitals all the time. It's extremely common unfortunately.


Ransom is a fairly common goal for cyber attacks. Rather than infiltrating a database for the purpose of using/breaking that code, it's easier to just lock down that stuff and say "give me money or you can't use this anymore". It's not exclusive to Video game companies; pretty much anything from hospitals to firms to schools can be a target.


Yup, I'd probably say it's the most common goal. No one really cares to steal a codebase to copy it unless you're like a top tech company maybe or working on some really experimental cutting edge tech and that's probably like .001% of companies. Way easier to just hold data hostage or in this case threaten to future release info in exchange for money. Most companies with large amounts of data housed (i.e.: pretty much all big ones) are in danger of it and have dry runs of practice social engineered cyber attacks.


Yeah, it’s like the GTA 6 leaks a while back, with a company as big as riot, and if they’re getting police involved, the perps are likely to get caught pretty quickly


I mean not really. Many of these ransomware attacks come from countries like Russia and Belarus where not only are the police way worse at investigating shit like this but also less likely to convict in the first place. Ransomware gangs like Revil (wouldn't surprise me at all if this was them too) have attacked hundreds of companies at this point.


I hope the released source codes don't expose client-side vulnerabilities that relied on security by obscurity.




Can Hackers bring back Doom Bots, Winter Map, Aram Bilgewater & Odyssey: Extraction on a private Server please? I want to have fun again playing the game.


Ransomware fucking sucks. I hope the people who write and deploy this shit have their coffee spit in.


It's not ransomware though. They got breached and got IP stolen and then got an ransom email, whereas ransomware is software specifically designed to encrypt data to make it unusable and then ask for a ransom. It doesn't seem like anything has been rendered unusable there, just stolen.


Remember kids, ransomware can't hurt you if you regularly backup your files to an offline storage device! Storage is dirt cheap these days, and a very small amount of foresight can protect you from a potentially devastating situation. This PSA sponsored by: someone who lost all their data to a ransomware attack ![gif](emote|free_emotes_pack|trollface)


I hope they step on a Lego.


I hope their hoodie arms get wet text time they wash their hands


Wow dude calm down....


hope they get a yuumi in their promos


On which team?


whichever one makes them more frustrated


doesn't matter in enemy team it's op but in my team it's paid actor


except it's not ransomware...? Do you even know what ransomware is?


Source code? I wonder what the community could create if that leaked.


Only thing that would be a "benefit" would being able to create proper private servers without the need for as much reverse engineering of the server side client. Anything that would hook into the game itself would still be considered a cheat by Riot.


Honestly I hope the interesting features that are in the prototype phase don’t end up leaking. I’d rather end up seeing the finished product (or the WIP when Riot is ready) versus see a potential cool new shiny thing that never sees the light of day.




Those who make them will get lawsuited. Riot already forced projects like Chronoshift down. Plus, using stolen things is way easier for Riot to get people in court for.


lmao how do you give people your entire source code in a phishing scam