Data leak
Nvidia Lapsus$ Data Breach: 1TB Data, 71K Employee Credentials, DLSS Source Code
Incident Details
On approximately 23 February 2022, the Lapsus$ extortion group compromised Nvidia’s internal network and exfiltrated approximately 1 terabyte of data, including proprietary GPU source code, DLSS (Deep Learning Super Sampling) AI upscaling technology source code, firmware, drivers, and credentials for 71,335 Nvidia employees. The group demanded that Nvidia remove its Lite Hash Rate (LHR) cryptocurrency mining limitation from its GPUs and open-source its GPU drivers, both of which Nvidia refused. Lapsus$ subsequently published the stolen credentials and source code online.

Nvidia confirmed the breach on 1 March 2022, stating that employee credentials and some proprietary information were stolen. Nvidia initially attempted to retaliate by deploying self-spreading malware into Lapsus$’s infrastructure (reportedly infecting a VM), but the group claimed to have backups. The stolen DLSS source code was distributed online, raising concerns about reverse engineering and security research. The employee credential dump (including NTLM password hashes) was quickly cracked and published.

The attack demonstrated Lapsus$’s capability to penetrate high-security technology companies through relatively simple social engineering and credential theft methods. Lapsus$ targeted several other major tech companies around the same period, including Samsung, Microsoft, Okta, and Ubisoft.
Technical Details
- Initial Attack Vector: Lapsus$ gained initial access through a VPN session hijack using credentials stolen via an infostealer (reportedly from an Nvidia employee's personal device). The group gained access to Nvidia's internal development environment and exfiltrated approximately 1 terabyte of data.
- Vendor / Product: Nvidia internal developer network
Timeline
- 2022-02-23 Breach occurred
- 2022-03-01 Publicly disclosed