As for being unable to imagine someone having the opportunity to steal coins and not stealing them, that is just sad.

You're saying not only that you would have cleaned out the whole hot wallet in his situation, but that you can't imagine anyone existing who wouldn't do the same.

The guy who found the exploit in MoneyPot claims to make a living from finding exploits. In my experience it is hard to get paid properly for an exploit, so he helped himself to what he considered his work to be worth. That's questionable morally, of course, but he put a lot of work into developing the exploit code and wanted to make sure he was suitably rewarded for it. He reported it to MoneyPot in a responsible manner, and shared his exploit code once it was fixed.

In MoneyPot's position I would probably be feeling pretty stupid for leaving the site vulnerable like that, and relieved that the hole was fixed without causing serious damage to the site's bankroll.