What I don't get is that you go from this:
And only one person ever sees the private keys before they are destroyed from our records--and that person is me. I am the CEO and I engrave the coins myself. I also do the ciphers and much of the packaging. Tamper proofing cases like this is a challenge. It's slow and tedious work. But thorough. We built in 6-8 weeks just in case we got big orders. We would rather our customers be pleasantly surprised than disappointed.
To this:
We (My brother and I) are the only ones who had authorized access. There were very few people who had access to our facilities, but we had robust security measures. The theft is breathtaking to us because we still can't figure out how they did it under our noses and left no trace (until the theft).
My current theory was that it was a theft while we were in the milling process of producing the actual coins themselves. If it was not an insider who did this (and thus a close friend or relative), then it was someone who knew an insider and got the information from them. We can't truly be sure who spoke of what and to whom within the very limited circle of insiders, and what those secondary individuals might have told others.
You claimed that you were the only person who had access to the private keys to saying that several people could've had access to them, and even possibly shared them with secondary individuals......
you are right : all is based on what OP said ... that's all. so , if he need to refund few more guys to have "few more guy who trust him" .... let's do this ! damn : if all precautions were taken, no problem were happend ! is private keys were properly destroyed or NOT ?