Rainbow Six Siege Hacked: $339 Trillion in Fake Credits, Streamers Banned, CEO Mocked
Want to learn ethical hacking? I built a complete course. Have a look!
Learn penetration testing, web exploitation, network security, and the hacker mindset:
→ Master ethical hacking hands-on
(The link supports me directly as your instructor!)
Hacking is not a hobby but a way of life!
You log into your game. Suddenly, you got $13.3 million in your account. 🥳 You didn’t earn it. Neither did 30 million other players. December 27, 2025. Hackers broke into Rainbow Six Siege and gave every player 2 billion R6 Credits.
At Ubisoft’s prices, that’s $13.3 million per account. Total damage across the player base: $339 trillion in fake money.
But they didn’t stop there.
The attackers had full control of the game’s backend. They banned players at random, including high-profile streamers. Unbanned others. Unlocked every skin in the game, including the ultra-rare Glacier skins and stuff only developers should have. They even took over the ban ticker, a system Ubisoft says was already turned off in a previous update, and used it to mock the CEO.
VX-Underground tracked five different groups involved in the chaos:
→ Group 1: Did the actual Rainbow Six Siege damage. Gave away the $339 trillion, caused the chaos, now laying low. → Group 2: Claims to have Ubisoft source code. Lied about how they got it. But they do have internal Ubisoft stuff. → Group 3: Lying on Telegram, claiming to have user data. Trying to scare Ubisoft and customers into paying. All fake. → Group 4: Calls Group 2 liars. Says Group 2 had access for a long time already and is using this hack as cover. → Group 5: Showed up with proof. Step-by-step breakdown of how it all happened. Skilled reverse engineers. Promised a full technical writeup later.
Most of these groups know each other. Ubisoft knows about them too now.
So how did Group 1 get in? They didn’t hack a database. They looked at how Ubisoft’s backend works, found that the system trusted requests it shouldn’t, and just… asked. Ban a player? Sure. Add 2 billion credits? No problem. The door was open.
What Ubisoft did:
→ Shut down all servers worldwide → Closed the marketplace → Rolling back everything to December 27, 11:00 AM UTC → Said nobody gets banned for spending the fake credits
Where things stand now (December 29):
→ Servers are back but still shaky → Marketplace still closed → If you logged in during the hack, some of your real items might be gone temporarily → Ubisoft says the cleanup is ongoing.
You know, this isn’t the first time. Ubisoft got hit by the Egregor ransomware gang in 2020. They leaked Watch Dogs source code. In 2022, Lapsus$ broke in and messed with their services. Now this.
If you have a Ubisoft account:
→ Change your password → Turn on two-factor authentication → Remove your saved payment info → Watch out for fake emails pretending to be Ubisoft
These games run real economies. When hackers get in, it’s not just pixels that get lost.