It's probably that instawallet's 'hot wallet' wasn't large enough to empty all the big ones. Perhaps the hot wallet was drained and that's what tipped them off that there was a problem. Perhaps they refilled it a few times before noticing what was going on. We do know they had a 'cold wallet' which presumably held the majority of the coins.
I don't think the hot wallet was emptied.
If you look at
the transaction history of their cold wallet, 1FrtkNXastDoMAaorowys27AKQERxgmZjY
you see that 6 transfers totalling 320BTC were made *to* this wallet, just prior to its subsequent
evacuation into 1LrPYjto3hsLzWJNstghuwdrQXB96KbrCy (together with bitcoin-central funds).
You can also notice that this is a very unusual pattern for them to put money into cold storage: usually it's 1 transaction every few days; not several transactions in quick succession.
What is more, among these 6 transactions, is the address of my instawallet, to which I transferred
the funds about 6 hours before. (I was unlucky to try to tumble some coins through instawallet in the worst
possible moment.)
So from this it's quite clear that not all hot-wallet money were stolen. Probably the hacker accessed
the database from where it was not supposed to be accessed, and that triggered the alarm.
How many URLs he got and how many he tried to empty we don't know.