tl;dr: IOTA is so batshit crazy they managed to turn a theoretical one-time-signature vulnerability into an actual, practical to exploit one.
People are starting to do deep-dives into the Iota crypto code and things aren’t looking pretty. I’m fairly confident there’s more where this came from.
IOTA Signatures, Private Keys and Address Reuse? A little light reading: #homegrowncrypto
Soon: Iota announces it is suing the number 13 for breaking their signature scheme.
I suspect you did, but for anyone who didn't see the answer (some awesome digging by Willem Pinckaers):
Another nail into IOTA coffin? IOTA Signatures, Private Keys and Address Reuse? - Lekkertech