The graph displayed of ECDSA duplicate r-value exploits shows 2 prominent "columns" of addresses, the latter of which was in April/May 2014.
That latter column was directly related to a commit that I made to the bitcoinjs-lib master branch (which was undergoing major refactoring at the time).
The issue itself was that a `Buffer` was being interpreted as `0` by crypto-js's cryptographic hash functions in our implementation of RFC6979, thus creating a case of duplicate `k` values.
The second most interesting point was the majority of the funds (>20k USD) stolen from Counterparty (the only known users of our master branch at that time) was returned by a grey hat.