Wasn’t there also source code stolen?

The time might have been spent analyzing the source code for vulnerabilities in the way the vaults were being protected.