You are right in the general case. But the public key is included in a transaction when it gets signed, and in this particular case the attackers already had part of the private key, that's what allowed a different attacker to combine both pieces and break the private key quickly.