Tags: schnorr ecc 

Rating:

tl;dr:
1. Notice we can change public key every time we issue commands
2. Grab server public key point Q
3. Calculate "fake" public key S = P-Q
4. Withdraw using key S, so that S+Q = P for which we know private key

Full writeup: https://github.com/p4-team/ctf/tree/master/2019-09-14-realworld-quals/bank

Original writeup (https://github.com/p4-team/ctf/tree/master/2019-09-14-realworld-quals/bank).