Looks good, I hope this result can be verified!
It has already been shown to be wrong.
They were only looking at broadcasted transactions which were broadcasted through the network, i.e. accepted by and relayed by standard bitcoin clients. MtGox's vulnerable transactions weren't accepted by bitcoin clients after version 0.8, and not relayed. The transactions were only published through MtGox's API, and the researchers didn't look there. The transactions published in their API included a signature which could be changed into a valid one by a simple modification, and this is (probably) how the theft happened.
Can you explain that? How can transactions be made "invisible"?
Because the transactions will not be accepted by bitcoin nodes. Invalid transactions are discarded and not relayed to other clients, just as when someone send your client some random data. It may even disconnect the other node and blacklist it. (The MtGox transactions were not invalid enough to warrant a blacklist, just non-standard so normal bitcoin nodes won't accept or relay them, but will accept them if mined in a block by someone else.)
I can only barely understand the technical details of the paper, I must admit that. But if what your are saying is correct, how could thexy detect the TM after the media impact, if their algorithms were based on rejecting nodes? That i do not understand.
However, when it should turn out, that the paper is plain wrong, there is still a huge doubt about the purpordedtly loss of ALL BITCOINS by means of this "bug". The simple difference is, that we do not a have a proof yet.
Still there is one thing to check, in my opinion. The authors claimed that they could fit their recorded data to the database-data from Mt.Gox. That should be done before rejecting their work as "wrong", shouldnt it?