If I read that article correctly, the main issue is that certain banks didn't bother to verify signatures and as a secondary issue don't bother checking nonce uniqueness either. http://xkcd.com/1181/