Resolves to YES if one or more perpetrators are charged with a crime and found guilty in court of law.

If someone is meaningfully personally identified, but charges are not pressed for whatever reason, it would also resolve YES at my discretion. For this to happen, there would need to be strong evidence tying the backdoor to an IRL identity ("Jia Tan" is a completely fabricated identity for all we know).

If Jia Tan is a real person but their account was merely hijacked (or they were being blackmailed etc.), it resolves to NO unless we find out who the real perpetrators are.

If the attack is generically attributed to a nation-state or APT group, it resolves to NO.

The close date may be extended at my discretion if it looks like progress is still being made on the case.

Some relevant links:

Initial public disclosure: https://www.openwall.com/lists/oss-security/2024/03/29/4

FAQ gist: https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27

"Everything I Know About the Xz Backdoor": https://boehs.org/node/everything-i-know-about-the-xz-backdoor

I won't bet in this market.