"Because we take these claims seriously, we investigate each one, but almost all of them turn out to be fake with the sole purpose of extorting us. In the event that someone comes to us with a legitimate matter, we pay a bounty and part ways with a professional understanding that as long as we promptly fix the issue, the matter is considered closed."

"This same person then found another client-side exploit where he could alter the style of his Trollbox name to resemble the color of a moderator. Despite what has been falsely reported, he did not gain moderator privileges. Still, we would have considered this a bounty-worthy bug, but rather than report this to us, he decided it would be a spectacular idea to go into the Trollbox and flaunt what he had found. He was quickly banned, and a fix for this bug was implemented in a matter of minutes."

Umm... so polo has been hacked before, they raised security measures and repaid the users who lost funds. It has been over a year since then and the staff (both behind the scenes and in the TB) have grown significantly.

You would think that with their history and man power, they would have security pretty tight. The only vulnerabilities I see are "user-error" in which some dumb-ass (either mod or user) makes a mistake. Even if an attacker managed to send withdraw requests, the coins are (from what I remember) in cold storage and you need 2fa or email confirm to do a full withdraw.