What is the actual contract? Is it a 3-way between the service, the customer, and the escrow?
I'd say it was implied: the escrow was hired to act as a backup in case the service can't be trusted.Quote
Does the escrow have enough funds to make everyone whole?
So far, yes. There's $17k remaining.Quote
What are the exact obligations of each party?
I'd say the only remaining obligation is to reduce the clusterfuck.Quote
I don't see how the service could be off the hook here but perhaps this whole deal was structured in some bizarre way that I just don't understand.
"Bizarre" is a good way to describe it 
I wouldn't say they're "off the hook".Quote
I think I saw someone mention that some escrow funds are multisig and no longer possible to access, which sounds like a major issue and contrary to contingency planning, but again - I didn't dive deep enough into this.
Escrow is not multisig.Quote
Here is a different scenario - how would you deal with this:
Service loses money (hack, lost keys, whatever). No worries (for the customers), there is escrow. Service says "we fucked up, escrow please refund our customers". Escrow runs away with the funds and doesn't refund. Whom do you flag and why? Service? Escrow? Both?
That would be seriously fucked up. The escrow deserves a type 3 Flag for sure, to be created by the service. After that, I'd say the service should still refund the customers, or they can create a type 3 Flag against the service. Unless the customers agreed to only rely on the escrow before they paid the service, but that wouldn't make sense.Service loses money (hack, lost keys, whatever). No worries (for the customers), there is escrow. Service says "we fucked up, escrow please refund our customers". Escrow runs away with the funds and doesn't refund. Whom do you flag and why? Service? Escrow? Both?