That is not what I sent to smooth in private. I said the attacker could have sent the coins to recipient thus attacker would know P = xG = H(rA)+B, since the public key is (A,B) and sender of the tx chooses r.
Just checked. Apparently I was too sleepy when I messaged smooth (and probably multitasking too). I sent him the wrong equation. Mea culpa.
But you'd think the mathematicians would take a look at page 7 of the whitepaper and figure out the attacker knows the symmetrical equation.