by periodontal 3837 days ago
Basically, Dual EC is never something you'll choose willingly, given alternatives (it's quite slow and has had a slight bias demonstrated). So no one* did in practice. This made the backdoor almost a non-issue (so no Heartbleed-like panic to patch, etc.).

However, having it in the standard (since removed) is perfect for fallback-like attacks or surreptitious changes (in the best case, your target has already implemented and deployed your exploit code and all you have to do is throw the switch to enable it!). That's what this is demonstrating (though some of the details are still speculative).

* Exception being those paid or required to do so by NSA.