That is not what I sent to smooth in private. I said the attacker could have sent the coins to recipient thus attacker would know P = xG = H(rA)+B, since the public key is (A,B) and sender of the tx chooses r.
Note this doesn't really apply to a widescale attack by a single attacker. Rather if it is valid, then it means senders can steal back what they sent to you if they can de-anonymize you and they can rewind the chain, which isn't likely.
But there is any easy fix all of you could do now. Go send your CN coins to yourself at a new address. Then you are both the sender and the recipient.
That is why I said I upthread I wasn't too concerned about this additional insight.
However, there is still the prior insight where we have two equations and two unknowns
x and
q.