If they were hacked that means something wasn't working properly (Is this really confirmed?). And obviously they didn't know how to handle bitcoin transactions properly. By no means has there been no problems, even if we ignore poor coding practises.
The reason and the how to of the hack might not be poor [or not] web backend. It could also be bad sys admin and bad system security or even just internal.