"The problem that led to the vulnerability was reportedly wallets generated with previously used 'R-values' in formulas that generate random numbers, meaning a hacker could use the public address to calculate its private keys. If R-values are unique, this should be impossible." - CoinDesk.
https://github.com/blockchain/My-Wallet/commit/98d5a7ca59ef04d06ac6aee468634b12975a0f5c reference: http://www.coindesk.com/hacker-returns-225-btc-taken-blockchain-wallets/
"For those interested. The bug was caused by missing line 29 and not initialising rng_pptr to 0. This commit was force pushed over." - ZooTreeves.
wouldn't rng_pptr be some random number if it wasn't initialized? Why would it be exploitable then?