Re: Risk of detection?
"Or I can have £400,000, and spend my life waiting for the knock on the door."
Or you can have the £400,000 and a signed contract avoiding all legal liabilities to yourself - for use or bad-use of the vulnerabilities / penetration security services you sold to third-parties.
Also should keep some encrypted juicy code / vulnerabilities to reliable important partners, so, when the time comes, your "player pass" is worth more than a sting job. And you are most likely safe from any foreign influence operation. Strategy.