Great explanation, as always, Dooglus. The only thing missing is the adding that one reason for the complexity in the exploit was that the game ticks are scheduled using a setTimeout after the last game tick, as opposed to on fixed intervals or at particular game multipliers. When enough people cash out at a particular point in time, it actually makes an extremely large (~50ms?) impact on the game tick. Since it's using non-blocking IO, I'm not quite sure why this is. But regardless there's quite a bit of work involved in just figuring out when the game ticks will run to be able to abuse the exploit.

I'm really impressed by the person who abused this bug. Not only due to the complexity of the exploit, but the fact he only took 5 of the 25 BTC in the hot wallet. He likely could have slowly abused the bug leading the eventual shutdown of MP, but instead was a class act. I'm really thankful for that and working on better security measures so I won't need to rely on the kindness of strangers as much.