Scanned the paper and looks like they're using keys that are < 256-bit hence the vulnerability. Also I think the encryption keys which were found vulnerable are separate from the transaction signing keys
But then the article and its citation is plain wrong. 256 bit keys(3 of them) are cited multiple times
""This is a mystery," the French researcher said. "The only possible explanation we can think of is that the designers thought this would compensate for the too small key sizes of the primes involved. But 3 primes of 256 bits are really not the same as one prime of 768 bits."
However, a public key of a length of 1024 bits may not be enough, according to Gaudry, who believes officials should use one of at least 2048 bits instead."
The paper[1] makes it much clearer. They aren't using elliptic curves, they're using prime fields with ElGamal (with a weird construction using three separate keys for some reason). The security is similar to RSA-256 (in other words, "awful") -- it makes sense that they could crack it in 20 minutes.
Why do people do weird stuff like this when there is gobs of good ECC code for things like ed25519 and ECDSA with standard curves that is easy to use and just sitting on GitHub?
Implementating complex crypto correctly is hard but its really not that tough to use common constructions in a secure way. A few days of reading can tell you how to build a cryptosystem that is at least not total holey cheese.
One theory that the paper has (in the last page) is that the reason for the construction was a consequence of Solidity only having support for 256 bit integer arithmetic. So as a workaround (to avoid writing a library that does larger bit operations) they came up with a scheme using three 256-bit keys instead.
Obviously using Curve25519 would've made it possible to have a secure setup under the "256 bit arithmetic only" constraints, but I have a feeling (assuming this theory is correct) that someone who thinks that three 256-bit keys are significantly more secure than one 256-bit key probably would've messed that up too.
""This is a mystery," the French researcher said. "The only possible explanation we can think of is that the designers thought this would compensate for the too small key sizes of the primes involved. But 3 primes of 256 bits are really not the same as one prime of 768 bits."
However, a public key of a length of 1024 bits may not be enough, according to Gaudry, who believes officials should use one of at least 2048 bits instead."