Those are good questions that we’ve been looking into since we became aware of the leak. Investigation on all fronts is still ongoing; we will share a full postmortem after we conclude the investigation, but we also don’t want to start speculating, or jump to conclusions prematurely.
We audited the machine where the oracle was running, logs of critical services, and our infrastructure more generally, and so far we have found no evidence of compromise of our infrastructure, and hot wallets similar to the compromised one remain unaffected. Activity of the exploiter points towards an automated system, rather than a targeted attack. Our team, infrastructure, and policies have evolved since 2021, when the compromised key was generated. It’s hard to definitively rule out anything for a key that has been in use for this long, but we can say that some classes of compromise look unlikely, based on accounts that are not affected.