Seems highly unlikely it's the platform compromised - more likely just people who didn't use 2FA then got key-logged/installed some trojan. If it were the platform itself then you'd think they'd target accounts which held the real money - i.e. asset issuers.
Agreed. We have seen some user accounts logged in first time without password errors and then sell/transfer assets. As well as lots of single-email bad password attempts, most of which do not exist on our system.
I have also disabled transfers until I add a second component. I may re-enable for 2FA only though.
It sounds like people have been reusing their passwords across multiple sites and one of them got compromised or phished.
2FA is great, and could have stopped this, but also don't forget your password managers to create unique passwords for every account.
http://lastpass.com
I highly recommend that one, there's a free version.
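Added example, not part of any post above and not the platform's own code: a sketch of how the two signs described in the thread (single bad-password attempts against mostly nonexistent emails, and clean first-try logins followed by a sell/transfer) could be flagged in an auth event log. The event tuple layout, the per-source grouping, the thresholds and the "source new to the account" heuristic are all assumptions.

```python
from collections import defaultdict

# Constructed sample events, not real logs: (time_s, source, email, event)
EVENTS = [
    (10, "198.51.100.5", "alice@example.com", "login_ok"),   # usual device
    (500, "203.0.113.9", "ghost1@example.net", "login_fail"),
    (501, "203.0.113.9", "ghost2@example.net", "login_fail"),
    (502, "203.0.113.9", "ghost3@example.net", "login_fail"),
    (503, "203.0.113.9", "bob@example.com", "login_fail"),
    (504, "203.0.113.9", "alice@example.com", "login_ok"),   # clean first try
    (520, "203.0.113.9", "alice@example.com", "transfer"),
    (4000, "198.51.100.5", "alice@example.com", "sell"),
]
KNOWN_ACCOUNTS = {"alice@example.com", "bob@example.com"}

def spray_sources(events, known, min_emails=4, max_known_ratio=0.5):
    """Sources with one failed attempt each against many emails, mostly nonexistent."""
    fails = defaultdict(lambda: defaultdict(int))
    for _, src, email, ev in events:
        if ev == "login_fail":
            fails[src][email] += 1
    flagged = set()
    for src, per_email in fails.items():
        single = [e for e, n in per_email.items() if n == 1]
        if len(single) >= min_emails:
            known_ratio = sum(e in known for e in single) / len(single)
            if known_ratio <= max_known_ratio:
                flagged.add(src)
    return flagged

def suspect_takeovers(events, window_s=600):
    """Clean first-try login from a source new to the account, then sell/transfer."""
    seen = defaultdict(set)   # email -> sources with an earlier successful login
    failed = set()            # (source, email) pairs that had a password error
    pending = {}              # (source, email) -> time of the suspicious login
    hits = []
    for t, src, email, ev in sorted(events):
        key = (src, email)
        if ev == "login_fail":
            failed.add(key)
        elif ev == "login_ok":
            # Assumption: only accounts with a known earlier source are baselined.
            if seen[email] and src not in seen[email] and key not in failed:
                pending[key] = t
            seen[email].add(src)
        elif ev in ("sell", "transfer") and key in pending:
            if t - pending[key] <= window_s:
                hits.append((email, src, ev, t))
    return hits
```

Accounts with no earlier successful login are not flagged by `suspect_takeovers`, so a real deployment would need a different baseline for new or dormant accounts.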