Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?
Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.
Who said anyone was able to SSH into the server without firewall rules blocking him? Stop spreading garbage.
What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider.
Ok. How do you access your servers? Console access? That's not locked down via ip then either? So I can login from anwhere in the world?
Yes, you can't stop bad system admins from making mistakes but you CAN also limit damage in other ways. In this case maybe not, but without locking things down to known good IPs, you are missing a very basic security feature that can give a huge increase over not doing it.
So please, "Stop spreading garbage" as this was a basic query for information on how it could happen if network level firewall rules are in place, which they should be.