Do we know what their root mistake was? I've studied and deployed DNSSEC, and as I see it, the current version is pretty much the simplest thing that could possibly work, given the way DNS works.
The root cause of the disruption has not yet been fully identified. DENIC’s technical teams are working intensively on analysis and on restoring stable operations as quickly as possible.
That's their current official statement. I could guess but I would rather wait until they have an official statement. I would imagine they must know but they are probably going back and forth with their legal team to word it very carefully, or at least that is what I would be doing if I were in their situation.
