I'm hoping OP will consider editing his post within the next few days with the full story of what happened. I'm not going to share what happened without permission but once he explains you will understand why I've chosen not to.
The current theory is that a thief must have compromised my account by brute-forcing my weak password.
I don't understand why Stunna chose not to share that. It sounds like you don't really know what happened yet if that's all you've come up with. Is there more to the full story that hasn't been shared here yet?
Did the server log show a bunch of failed login attempts as the attacker tried to guess the weak password? If he brute-forced it, you would expect that to be the case.
It's because his password was not bruteforced, we have measures to prevent this and server logs indicate this wasn't the case at all. I'll post the full story tomorrow.
OP here again. Ok, according to Stunna and I's private convo, apparently this was not the case. Sorry for the misinformation. The more I learn, the more this just gets confusing. I was under the initial impression (based on our private correspondence) that you did not log login attempts at the time of the theft. On Sept 25th, Stunna wrote:
"We had minimal logging prior (on account creation) now we are logging on cashout."
But before I contribute to any more confusion again, I will wait until Stunna posts his new findings.