There are probably a large number of these bugs in the cryptoecosystem. It will be interesting to see how many of them are disclosed like this (the best case scenario), and how many are exploited.
"After verifying that the bug was trivially exploitable, I set out to notify the Bitcoin ABC developers — but quickly realized that I had a big problem. This was a bug in publicly-available, open-source software; any number of people could have already discovered it. There was nothing to stop anyone else from making the same discovery and taking advantage of it before a fix could be fully deployed.
So how might that play out, in the worst case scenario? Suppose that I privately disclosed the bug using my name — only for someone else to find it independently and exploit it anonymously the next day. Because I used my name for the disclosure, hard proof would exist that I had the knowledge and means to attack the network. I would have no way to prove that I was not the attacker. Then consider that, collectively, billions of dollars could have been lost as a result of this exploit. People have been killed for much less. So not only was anonymity important, I considered it a necessity for my safety."
https://medium.com/mit-media-lab-digital-currency-initiative/http-coryfields-com-cash-48a99b85aad4
"After verifying that the bug was trivially exploitable, I set out to notify the Bitcoin ABC developers — but quickly realized that I had a big problem. This was a bug in publicly-available, open-source software; any number of people could have already discovered it. There was nothing to stop anyone else from making the same discovery and taking advantage of it before a fix could be fully deployed.
So how might that play out, in the worst case scenario? Suppose that I privately disclosed the bug using my name — only for someone else to find it independently and exploit it anonymously the next day. Because I used my name for the disclosure, hard proof would exist that I had the knowledge and means to attack the network. I would have no way to prove that I was not the attacker. Then consider that, collectively, billions of dollars could have been lost as a result of this exploit. People have been killed for much less. So not only was anonymity important, I considered it a necessity for my safety."
https://medium.com/mit-media-lab-digital-currency-initiative/http-coryfields-com-cash-48a99b85aad4