The bitcoin exchange AllCrypt.com has gone down, and 42 bitcoins is reported missing. The Allcrypt.com site has a note posted saying Allcrypt.com is down for a bit. Attempts are being made to resurrect the site, and details will be posted as they become available.
WordPress is a blogging platform. Using it for something as serious as handling the transfer of thousands of dollars, or potentially hundreds of thousands or more, is absolutely a failure in logic. Even if you had to begin with a WordPress platform to get off the ground, you should not have continued using it once money started flowing. Either a proprietary solution developed in-house or a solution licensed from a veritable vendor would have been more appropriate.
The culprit seems to be WordPress in every way, since the hacker was able to use it to upload adminer.php, a well-known database management tool which allowed him to modify the sites database at will. He then sent MySQL calls for non-existent accounts to have their balances changed. At some point, the sites secondary accounting system was able to stop him, but he was able to recover from this roadblock and continue by converting the fake balances to other coins, an obvious oversight in the architecture of the exchange.
The site's owners blames Wordpress for their failure, diverts responsibility away from the sites owners.That's what they always do, they either say it was an inside job and there was an ex employee who did it and since that story was getting old and boring they're now coming up with newer excuses so nobody blames them. Now it's wordpress, somewhere down the line they're gonna say it's the hosting company etc etc.
The fact is people should just stop trusting sites just because they say they're secure and they have a pretty looking site. They will keep making new ones and keep coming back unless something is done about this.