
The most likely weakness is in the ECC implementation. I don't understand the math (who does?) but what the debate over https://safecurves.cr.yp.to/ tells me is that very few people know what a "weak curve" is but people agree that they exist. This has always made me sketch on ECC in general, especially since it is also used in Tor. Another possibility is compromising the RNG used for creating the pvt sig? Since these are early addresses they would have been from a very early version of the software, and might have used a shitty RNG. If this is a crack it could definitely be state level actors (Who has the US pissed off lately? Who have they not?). Whether it is state/private the goal would be to extract as much real money as possible before creating a panic, so it will be interesting to see where the money goes.





FYI the “safe curves” charts are garbage self-promotion for his own crypto algorithms. I generally respect DJB, but he didn’t even try to be unbiased with that analysis.


