I think it could be heaps clearer. To almost everyone outside of a small slice of people in the world, there's a bit difference between "The wallet was hacked and funds were successfully removed from it", and "The wallet was hacked and a key and salt were recovered".
Just because something CAN be done, that doesn't mean it's trivial. Someone's PK "can" be guessed, it's just incredibly unlikely. So for people, like myself, not 100% knowledgable on this type of tech, if someone goes through all the trouble to get the keys, but doesn't complete the final step of actually removing coins, it looks like either for some reason they can't or they are just completely naive and assuming everyone else knows exactly what they've done.
Well, that's the researcher's claim. The article also presents Bitfi's claim which says the exact opposite, and makes no effort to debunk one or the other. Hence my confusion.
Just because something CAN be done, that doesn't mean it's trivial. Someone's PK "can" be guessed, it's just incredibly unlikely. So for people, like myself, not 100% knowledgable on this type of tech, if someone goes through all the trouble to get the keys, but doesn't complete the final step of actually removing coins, it looks like either for some reason they can't or they are just completely naive and assuming everyone else knows exactly what they've done.