Re: What libraries for secp256k1 have been used for bitcoin in the past?

It's possible, but IMO it won't be easy to find. It's more likely we find exploit within CSPRNG/PRNG or someone put backdoor for k values of ECDSA.

How is it possible to backdoor 'k' value? I thought 'k' is generated from a hash of private key?