Cloudflare held that it was unlikely that private keys could be extracted using the Heartbleed vulnerability. So they set up a challenge with a reward. Only a few hours later, here they are reviewing the successful attack. (There were in fact two successful attacks: the second needed only 100k packets)
See https://news.ycombinator.com/item?id=7576389 which is well worth reading.
https://twitter.com/eastdakota/status/454792635279220737