Smells like fractional reserves...
Bitstamp was audited by Mike Hearn, a Bitcoin dev back in May 2014. He said that everything seemed OK and all the funds were fully backed in their cold storage wallets. This was just 8 months ago and I'd be surprised if the situation has changed since then.
Yeah, well... This was
before the hack, huh...
Now, there are not a million options here:
1. Bitstamp pays $5M with the fees they charged. That's tough, because they had about $1.5M worth of trading each day. At a 0.3% average, that gives $4500 per day. It would take them 1111 days of such fees to pay for those $5M, running costs non accounted for.
Impossible.
2. They get $5M from their insurance. I've been working with insurers for such matters myself. Can't find one that would do that, so I'd bet they weren't insured for such a hack.
3. They get $5M from investors. That's tricky. New investors won't be stepping into this mess, so that leaves the previous VC that brought $10M. But this money was probably spent. If not, why bringing it in in the first place? Maybe they'd add $5M to protect the $10M they invested prior to the hack, but that's a dangerous move. Not impossible, but doubtful...
4. They run on fractional reserves. Easy, as long as 88% of the funds remain there.
On which option would you bet?