Please provide some examples, your linked article did nothing of the sort.
Nobody said anything about holy grail but extraordinary claims require extraordinary details. The OP provided no details so to assume MtGox 2FA has been compromised is dubious at this time.
Measures like the above would greatly help secure user accounts (in addition to TFA) while being rather easy to implement, so Gox really has no excuses for neglecting such details.
Unless the OP had a horribly weak password the most common attack vector is compromise to the users machine and gain access to credentials via keylogger. In that instance it is highly likely the user's email address is compromised as well (unless it is also protected by 2FA). A more sophisticated attack would use OP computer as a proxy or to just steal the OP session when already logged in. In either case the only IP would be the users. Layering steps and procedures which all involve the same compromised machine is probably just "feel good" security.