I don't have the background to comment on the technical details of cryptography and related security details. However, I haved learned enough from published accounts of the DAO exploit to believe that this particular "hack" had nothing to do with compromised private keys or weaknesses in the underlying blockchain security layer. The hacker was able to exploit a logical error in the "smart" contract in the DAO, and found a way to execute code in a way that sent him/her/them DAO tokens in strict accordance with the terms of the contract. Obviously, not the intent of the code designers and writers (unless it was an inside job), but the hacker was strictly "playing by the rules" of the system as it was manifested. The reaction of the Ethereum developers was, in effect, a bailout reminiscent of the fiat money "to big to fail" mentality. The whole fiasco might have been avoided if these design concepts had been perfected at a manageable scale and not allowed to grow into a $150 million experiment with other peoples money. The loses were averted for DAO token holders, but have been significant for the Ethereum stakeholders and developers, and this will continue into the future.