This underestimates the adaptability of threat actors. Massive cryptocurrency thefts from individuals have created a market for a rather wide range of server-side bugs.

Got a Gmail ATO? Just run it against some of the leaked cryptocurrency exchange databases, automatically scan for wallet backups and earn hundreds of millions within minutes.

People are paying tens of thousands for “bugs” that allow them to confirm if an email address is registered on a platform.

Even trust isn’t much of a problem anymore, well-known escrow services are everywhere.