The fuck?


Discussion

Oh you don't know this story? A bunch of wallets lost a bunch of user funds by using a broken implementation of SecureRandom on Android. Then later blockchain.info fucked up again by using a web call to random.org that failed.

Since address reuse was rampant, this resulted in many cases of reused R, even at large scale.

Fun days. I was fascinated with nonce reuse and I wrote an article about it. The article is shit but personally it has some historic value. https://www.codeproject.com/Articles/895917/Bitcoin-Traffic-Sniffer-and-Analyzer

You were very thorough back then :)

t-y

Found this link in the bitcointalk thread fwiw. Thanks for sharing

https://www.reddit.com/r/Bitcoin/comments/2onm5r/blockchaininfo_security_disclosure

t-y YODL/*

Shitty old wallets would screw up their transaction signing, and reuse a value that is supposed to be unique per signature. The reuse of this value can be detected and used to extract a private key.

This is the same principle used to crack PS3 discs back in the day. Sony made a fucky wucky and reused the same R value across all licensed titles when they signed the digital assets for the purposes of DRM (the PS3 would only play discs signed by Sony's private key). Once diligent hackers had detected the same R values across multiple titles, they were able to extract Sony's private signing key.
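The two replies above describe the same failure: a broken RNG (the Android SecureRandom bug, the failed random.org call, Sony's fixed value) hands the signer the same ECDSA nonce k twice, which shows up on the wire as an identical r. The example below is added here and is not code from anyone in the thread. It does two defender-side things: scans a batch of signatures for repeated r values (flagging both "same key, different message" and "same r under different keys", the latter being the signature of a shared broken RNG across wallets) and derives nonces deterministically from the private key and message so a bad RNG can no longer cause the reuse. The signatures are constructed sample tuples, not chain data; N is the public secp256k1 group order; and derive_nonce is a simplified HMAC construction standing in for RFC 6979, not the RFC's exact algorithm.

```python
"""Detect reused ECDSA nonces in a batch of signatures, and derive nonces
deterministically so a broken RNG cannot repeat one.

Added example for the thread above; signatures are constructed, not real."""
import hashlib
import hmac
from collections import defaultdict

# secp256k1 group order (public constant; the curve Bitcoin wallets sign on)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed sample signatures: (signer pubkey id, r, s, message hash).
# Small integers are used for readability; real r/s are 256-bit values.
SAMPLE_SIGS = [
    ("pubA", 0x1A2B3C, 0x11, 0xAAA1),
    ("pubA", 0x1A2B3C, 0x22, 0xAAA2),  # same key, same r, new message: key leaks
    ("pubA", 0x4D5E6F, 0x33, 0xAAA3),
    ("pubB", 0x777777, 0x44, 0xBBB1),
    ("pubC", 0x777777, 0x55, 0xCCC1),  # same r under two keys: shared broken RNG
]


def find_reused_nonces(sigs):
    """Group signatures by r and return {r: [(pubkey, s, msg_hash), ...]}
    for every r seen more than once. Equal r means equal nonce k, because
    r is just the x-coordinate of k*G."""
    by_r = defaultdict(list)
    for pub, r, s, h in sigs:
        by_r[r].append((pub, s, h))
    return {r: uses for r, uses in by_r.items() if len(uses) > 1}


def classify_reuse(reused):
    """Label each reused r:
      'same-key'  - one signer used it for two distinct messages (fatal)
      'cross-key' - different signers share it (RNG producing the same k)
      'duplicate' - the identical signature was simply seen twice (harmless)"""
    verdicts = {}
    for r, uses in reused.items():
        pubs = {pub for pub, _, _ in uses}
        signed = {(pub, h) for pub, _, h in uses}
        if len(pubs) > 1:
            verdicts[r] = "cross-key"
        elif len(signed) > 1:
            verdicts[r] = "same-key"
        else:
            verdicts[r] = "duplicate"
    return verdicts


def derive_nonce(priv_key_bytes, msg_hash):
    """Deterministic nonce in [1, N-1]: HMAC-SHA256 keyed with the private key
    over the message hash plus a retry counter. This is a simplified stand-in
    for RFC 6979 (assumption of this example, not the RFC's construction).
    No RNG is consulted, so the same message always yields the same k and
    distinct messages yield distinct k."""
    counter = 0
    while True:
        data = msg_hash.to_bytes(32, "big") + counter.to_bytes(4, "big")
        mac = hmac.new(priv_key_bytes, data, hashlib.sha256).digest()
        k = int.from_bytes(mac, "big") % N
        if 1 <= k < N:
            return k
        counter += 1  # k == 0 is astronomically unlikely; retry anyway


if __name__ == "__main__":
    reused = find_reused_nonces(SAMPLE_SIGS)
    for r, verdict in classify_reuse(reused).items():
        print(f"r={r:#x}: {verdict}, used by {[u[0] for u in reused[r]]}")
    key = b"\x01" * 32  # constructed placeholder private key
    print("k(msg1) == k(msg1):", derive_nonce(key, 0xAAA1) == derive_nonce(key, 0xAAA1))
    print("k(msg1) != k(msg2):", derive_nonce(key, 0xAAA1) != derive_nonce(key, 0xAAA2))
```

The scanner only needs (pubkey, r, s, hash) tuples, which is exactly what is public on chain or on a disc, so the same check that attackers ran against blockchain.info users can be run by a wallet's own QA against its outgoing transactions before release. The deterministic derivation removes the RNG from the signing path entirely; a wallet that derives k this way cannot repeat a nonce even if SecureRandom or a network randomness source returns garbage.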