read about how public keys can be generated from other information of the blockchain like block hash, merkle root, transaction id or Sha256(public address) and different methods to track down and regenerate these 'discoverable' private keys.
this is obviously a 'hide in plain sight' exploit that needs to made public!
