There is a bug in the REFERENCE implementation, which is used by almost every exchange. And one criticism of MtGox was that they used a custom version of the reference implementation, and should have used the standard one. You can't have it both ways.
Is there a reference implementation for SSH? I don't think so.
By your standards then SSH is broken, which is false. I don't want to have it both ways.
I think if you are running a money service that you should not rely on variables that were known to be malleable since 2011. There's even a wiki page about it, on a site the guy owned, since Jan 2013.
Either they run someone elses code and made sure it worked, or run their own code and made sure it worked - and by worked I meant worked the way they needed it to, not the way they expected it to.
However, it's quite clear that this is a bug, and it could have affected them, and they could be telling the truth, contrary to what the original article says.