Yeah, now that you mention it I do remember that one. Though I think in that case there were some additional factors at play, like the fact Darkmatter wasn't actually a trusted root CA in the first place (only an intermediate CA, like you said), and had just got caught using insufficient entropy in their certificate serial numbers (which wasn't a huge deal in terms of impact, but was technically still against the baseline requirements).