Interesting... the relevant part is:
Why did this work? ECDSA requires a random number for each signature. If this random number is ever used twice with the same private key it can be recovered. This transaction was generated by a hardware bitcoin wallet using a pseudo-random number generator that was returning the same “random” number every time.
This is a known implementation issue, and why people make a big deal out of random sources and entropy. Seems there is a flawed implementation floating around? I wonder what this hardware wallet is exactly.