The attack on ECDSA with biased nonces is a standard technique. An attacker collects at least 521/9≈58 signatures from signed Git commits or victim logins into the attacker's SSH server. A bit of math allows the attacker to calculate the private key offline.

— Marcus Brinkmann (@lambdafu) April 15, 2024