As an observer, seems to me that Zhou Tong bears most of the responsibility for hacking together and making available that miserable contraption, without much regard for security...
Amir & Co. just got caught in the wrong place at the wrong time, and didn't back out, or take Bitcoinica offline and fix it, when it was wisest to do so.
The first hack was caused directly by negligence, because a server that was open to some members of the public was given access to Patrick's private mail server. My understanding, if I recall correctly, is that this oversight/error was caused by genjix.
The second hack was either caused by the hacker pwning genjix's box and releasing the source under his name, OR genjix releasing the source himself without first scrubbing out stored passwords/API keys.
That's correct, as far as we got informed.
But please put it back into context.
- Patrick's mail server became the weak spot, because it was common practice in the existing Bitcoinica team to send root password reset mails to a mailing list; and it was possible to add further addresses just as one saw fit.
- The second hacker could only extract sensitive access information from the source code because it was in there (where it doesn't belong), and because someone used the API username as password in the central password exchange service, and someone else failed to consolidate the password management.
Hey, you guys should really try to come back to a rational assessment of facts. You've absolutely switched into witch-hunt mode.
Not that I approve of what happened, but all I can see is about 6 folks working at the typical average level of (dis)organisation you find in any everyday office. We all know that this isn't sufficient for securing a money processing system, but we also all know that the only way to get average people to work more reliably is to install procedures - procedures - procedures and yet more procedures.
Just the kind of stuff everyone is quick to blame as "red tape" and "dinosaur economy".
If the goal is to start legal action, you guys should first learn to switch off all personal emotions, and put together a list of objective failures which can be proven to have caused the Bitcoinica customers the financial losses we're suffering.
We need facts and proofs, not guesses, "conspiracy smells" and "impressions".