I'm in agreement with DeathAndTaxes and Mike Hearn that this exchange needs to return everyone's money and shut down.

If the operator wants to continue running it as soon as possible then I think at minimum:

• They need to hire someone to do an audit of existing code, and have the exchange shut down while that is happening.
• A report of the code audit should be publicly released, any deficiencies found should be fixed or mitigated until there is time for a proper fix.
• An experienced developer should be hired to do the bulk of the work in future.

This is not a project for which the operator should be learning on the job.

The difficulty with the above will be reassuring the customer base that it's actually happening and that properly competent auditors and coders have been hired.

If there's not enough profit in Poloniex to support this then I don't see that there is any way forward but to shut it down.

Unfortunately there are so many unconditionally trusting people in this thread that the temptation will be huge for the operator to do none of this, or just pay lip service to it, because it looks like very few customers will be lost in the short term.