That's far from evidence that it was heart bleed. Heart bleed was specific to openssl and therefore was not even a security breach for servers not running openssl. You have no idea what ssl he was running. To boot, Joe-blow hacker who gets into a site, is not going to take .02 - .04, especially if it was heart bleed since heart bleed had a fix it already for several months that just needed to be applied, he doesn't have the time to linger around everyday to take small amounts of money and try to go un-noticed.
That's true that I have no evidence, and have no idea whether or not he's using open SSL and what level he was at. I don't even know if he's a male or female. The only thing I do know is the heartbleed bug caused cached data to be available to non authorized users. He's also eluded to the fact he was hit by it. The fact that the breech of my accounts took place with a day of the announcement and also the fact that I logged into all of the accounts with in a very short time and the only accounts hit where the ones someone looking at raw data could easily figure out, leads me to believe it was that.
Again your absolutely correct that I don't know for sure. The little with drawls bugs me too. What would your theory be. Given that in 1 hour 3 accounts were breached, and all had small withdrawals done. This was a few days before the sale of the site (tongue in cheek). Do you think someone just happened to figure out 3 userid/passwords? do you think BTC-ARBS made the withdrawals? At first I though either would be possible. After I "somewhat" understood the HB Bug that seemed more plausible. Again, I can only say what happened to me and my conclusions.
Oh yea, There wasn't a lot in any of the accounts to begin with. They may have had .1 BTC each. Maybe that played into why they only took a small amount.
No idea, there are too many unanswered questions already, I just wouldn't start throwing out absolutes at this point.