by fletom
4103 days ago
According to them, their marketing guy clearly had to have the ability to upload arbitrary executable files to their WordPress site. Which by the way ran their entire exchange and had direct read/write access to their balances database. That's utterly comical. It makes me think there should be a The Onion for crypto/infosec news because I haven't laughed that hard in a while. I feel bad for them but thinking they could run a cryptocurrency exchange with a solid zero on the scale of zero to having a clue about security was pure hubris on their part. Also the author's level of denial about their incompetence is incredible: "Even the most secure systems can be circumvented with enough time and ingenuity." "And we were secure and solid for a year..." "Well, due to some apparent exploit in wordpress, someone, somehow, got into the server tonight, installed some files, and managed to empty the goddamned BTC wallet. Best I can tell it was something with that worthless pile of shit software wordpress." (earlier notice on allcrypt.com)