Yes but it didn't make sense to me a lot, since the example they gave was, for one transaction which had the same public key do the repeat.
So far, it repeated the R value from another address where the address in question was as output. Not sure what specific transactions they may have used then, to report this one as compromised.
You should be looking for transactions with inputs containing matching R-values that has the same public key.
In that address' case, these are the transactions that spent those outputs:
- 9173e0721afdb0ef1abd76b7f1b73c584728156e9bb865bc97e47b444f171ec2
- 637c73f6f1d7bc8c37f5b0de1c8a9cd16a4a58407a966b6088f891e0859d793d
Both first inputs have matching R-value in the signature and showing the same pubKey.
But those hashes are not the z-values that the script needs, it has to be re-created from the transaction data itself.
You can use any any RSZ tool (
example) to conveniently get those values.
Then, use the shared Python script in this answer instead of that AI-generated script:
https://bitcoin.stackexchange.com/a/110827, the output isn't WIF though.