The attacker was able to empty the balance on accounts with the API key enabled. The issue is being actively looked upon. API access has been disabled.
Everyone who has lost money will be fully reimbursed.
Great to hear!
My coins were also lost (Transaction e3da16d145fac74403c6c55bcfd0eb1529548267f30c28a5ef009b7b69243dc1)
If that could be please reimburst when you have the problem solved. Thanks for the great service.