The screenshotted text in my tweet is from the transcript of Rob's Q&A session. The transcript is timestamped if you want to hear it from the horse's mouth. He came back to the topic a few times throughout the Q&A so i'll try to summarize: when Epik acquired the Colorado Springs-based IntrustDomains in 2011, "it came with a Russian development team". "At the time they were based in the Ukraine, or in the Crimea region. Then there were wars and then they moved to Krasnodar, and they’re based there." "The code base that the Russians were totally safeguarding, they wouldn’t give our new engineers access to the git, now we know why: the code sucked."
Epik engineers outside of that group only gained access to this 10-year-old git repository following the hack: "our top engineers mostly hadn’t seen that code because it was kind of blackboxed, behind a firewall, separate git repository, and not part of the Epik git. And that might sound surprising… considering that we’re like a registrar, but that’s basically because of the history of how that company became part of Epik. It was an acquisition, it is a captive dev team, and I’ve operated with that group to a large extent on the basis of trust. They’re good people, they’re honorable people, ethical, responsible people, but their coding methods and frameworks are not up to standard, and they’ve pretty much handed over all the keys to two top guys, Justin Tabb, David Roman."