… A vulnerability broker he had known for a while and trusted had introduced him to a new researcher called James Willy "from New York," Caceres [said]. "We hopped in a group chat, the three of us, and he sent me a Visual Studio project to take a look at a driver bug that caused a blue screen of death." … "James" [said] it was linked to Google Chrome – an instant attention-grabber for bug hunters. Vulns affecting software used by tens of millions worldwide are rare and command hefty rewards. … "The code was all legit, it was a real crash with potential security implications, but I wasn't careful when I opened the Visual Studio project." [But] opening some Visual Studio projects can cause code to execute, which was the North Koreans' attack vector.