Am I the only one who's surprised that 1900 Bitcoin was stored in hot wallets?
I don't think it is really possible for a mixer to not store all their coin in their hot wallet. If CM used cold wallets, moving coin to/from the cold wallet really couldn't be done on-chain, otherwise, it would be clear which groups of addresses belong to CM. Also, CM's operational model effectively put all their coin on a hot wallet, regardless of the location of it's private keys due to the fact that CM had such a low threshold for someone to get a "chip", which is effectively an IOU from CM to their customers -- all that is needed is a browser session.
Keeping funds offline would have been possible: once in a while, when they run out of chips, users could only get a voucher until new chips were created. In the same way funded keys could have been kept offline.
It is not a good security practice to transmit actual private keys between servers.
Notwithstanding the above, if someone can cause CM to belive that they have a chip, they effectively have access to the coin. So if someone were to trick CM into believing that coin was deposited, when in fact it was not, and they were able to do so in a way that CM could not differentiate from legitimate deposits, CM would need to either not honor all legitimate deposits, or ultimately honor the illegitimate deposits.
I think the backup-scenario sounds logical: 7 GB of data including several snapshots which includes some of the used private keys. I'm now curious if there's anyone left with (older) chips that haven't been emptied. I checked the changes
here yesterday, I'll do the same to day to see if more keys got swept. If that happened, I assume it's their owner emptying them now.
Over 7 TB of data was taken from CM. I would want to know what the other 99% of this data was.