Yes – https://news.ycombinator.com/item?id=7558015 – but not sure that wholly rules out the chance the audit of that code started because of other anomalies, which focused suspicion.

Would love more detail from each of the researchers, in their own words, even if the full story is still just a mundane variant of, "we're always reading code, we just happened to be reading this code this week, it looked buggy, we confirmed danger and reported to OpenSSL".