Well done on using -K to recover the key, it's a small but crucial detail the best course of action now depends on your assumptions about the nonce K you have discovered other signature pairs that reuse the same R (same r in the signature), but with different private keys and unknown K to create a relationship between the two private keys, you can set up the ECDSA equations and remove K if the same R appears in multiple messages in particular, you can derive an equation involving s1, s2, z1, z2, d1, and d2 for two signatures using the same r but different messages and private keys because s = k ^-1(z + r·d) mod n under some presumptions, such as small key theory, this can be rearranged into a two-variable equation Lattice attacks—such as LLL or Coppersmith's method can be used to resolve discrepancies or known structures. You can use d = (s·k - z)·r^-1 mod n to compute the corresponding private key if you suspect that K is reused exactly (or as -K, K + c, etc.) then, you can verify that the derived public key corresponds to the target address. You may also think about examining the entropy or structure of the nonces used if K is big but originates from a weak PRNG or predictable pattern, particularly if these signatures are from the same wallet or buggy implementation the best course of action is to look for nonce reuse patterns, create equations between the private keys, and then use algebraic or lattice-based methods to recover them