Post
Topic
Board Speculation
Re: bitstamp 18,000 bitcoins stolen? -confirmed
by
celebreze32
on 06/01/2015, 16:28:33 UTC

from the sound of what the ceo said that they are moving the bitstamp environment to a more secure server location means that the physical servers were not so secured.
where do they keep their physical servers?? in their mom's basement?? seems like bitstamp should at least be PCI compliant which means their servers need to be physically secured.
when they do an 'audit' then they need to do a security audit. if their stuff is not secure then they should not be in the business. hiring the engineer is expensive but cheaper than losing 5M a year.
from what i have read it sounds like someone walked into their datacenter (or mom's basement) and stuck a flash drive into the server and walked away with the wallet.dat file.
i am not saying that is what happened but gathering what the ceo said and what i have read it sounds like maybe that is what happened. whatever the case is they did not have sufficient security.

and what to do if the engineer or auditor cannot resist £5m?

if someone walked into their datacenter and used a flash drive, then they are probably in a police cell as we speak. unfortunately the law in the uk takes a long time, which doesn't bode well for a quick resolution.

They could have installed simple software that blocks access to USB devices. It's basic security for secure servers and I would be surprised if Bitstamp's servers weren't protected. Here is a very basic example of such software.

http://www.snapfiles.com/get/giliusb.html

GiliSoft USB Lock enables you to block access to USB and CD/DVD drives as well as other PC devices, including printers, modems, Bluetooth adapters and more.