Okay I have to admit the malware thing is kind of weird. I read through his post too fast and didn't see that. Why would ANYONE remotely access their mining rigs if they think their PC is infected? He's either completely full of shit, careless, desperate to convince people, or all of the above.
Well I know a few people who just set up their rigs with mining software, teamviewer, and remote desktop turned on and leave them for months without even restarting them. I used to be one of them but I made them more basic recently with less wide-open security and fewer ways to connect remotely, even though i'm barely paying for electricity lately and don't store coins on them.
The important part is that if there was something going on, he probably wouldn't know it. If there was a vulnerability exploited by the person that ultimately ran off with the coins, making it obvious his computer was compromised beforehand would ruin the plan to paint him as a responsible party when all the sites shut down.
I'm not saying we shouldn't still be highly skeptical, I'm just saying I don't think it's that unusual for someone to not notice in this case...especially if he stored almost no BTC on a local wallet and stored them all on dice sites.
Also, I remember when a couple Korean hackers stole 100+million Jackpot coins after the first few jackpots, there were matching IPs for them as well and I think they were proven to be 2 different people. The Mintpal breaches after some JPC mining site was compromised also showed matching IPs. I think they were Tor but I can't remember the specifics since it was a long time ago. I guess what I'm trying to say is we need healthy skepticism as well as more details from AK and anyone else that comes into the mix.