Maybe a consideration: this isn't necessarily a nation state. It could literally just be one or more individuals trying to set up some sort of crypto heist. At this point we need some sort of new adage to the effect of "never attribute to nation states what can be attributed to crypto"
To me this is false. They usually like quick profits. Look no further than Ethereum and defi chains like Optimism,Polygon etc. It is so easy to write a malicious contract that even I with more than 12 years in the cryptocurrency space got had and lost 1k.
The attackers would have to know the distributions used by the company they are targeting, that connections are open to the internet, that the company won't change their setup over the course of several years.
Everything you are saying is so far out of the realm of possibility that it makes me wonder if you follow this stuff at all.
If you had 2+ years of spare time, and these type of skills, the attacker would be far better off just trying to get a job inside the organization they are targeting.
> If you had 2+ years of spare time, and these type of skills, the attacker would be far better off just trying to get a job inside the organization they are targeting.
