by Daviey
921 days ago
You are right, I should have waited for the postmortem... it appeared the likely way because the secret was in the release pipeline env. However... something doesn't add up. There is no chance that a malicious actor gained access and in a couple of hours put together this exploit. Or, I can't see someone putting together this exploit, THEN trying to spear-phish in hope of getting lucky and pressing the button.

How can you not see someone doing that? The effort netted them $600k.
Is this not how exploits work? Build the exploit and then try to use it by finding an "in." They don't find an "in" and then build the exploit.