
The NSA released the crypt32.dll ECC validation failure 0day to attempt to regain trust from the security community.

They refused to say how long they have known about it.

My theory is that, due to the power of this bug, they would have sat on this only until they detected an independent discovery, and then burned it. They would never burn such a thing if it were their only one, or if it were still believed to be entirely unknown by anyone else. It’s far too valuable an offensive tool.
